GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-11 12:26:13 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01 Running: gc3tcl9y.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kxtoipow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02176390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02176640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 021753D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 02175300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 021711C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02171290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 02172570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 02171000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 021710A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 02172510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02171D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] WS2_32.dll!send 71A5428A 5 Bytes JMP 02177250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 021720A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 021723A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[196] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 02172160 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA6390 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EA6640 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EA53D0 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00EA5300 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EA11C0 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EA1290 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00EA2570 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00EA1000 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00EA10A0 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00EA2510 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EA1D10 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] WS2_32.dll!send 71A5428A 5 Bytes JMP 00EA7250 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00EA20A0 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00EA23A0 .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[496] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00EA2160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01556390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01556640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015553D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01555300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015511C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01551290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01552570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01551000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 015510A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01552510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01551D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] WS2_32.dll!send 71A5428A 5 Bytes JMP 01557250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 015520A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 015523A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[556] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01552160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AB6390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AB6640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AB53D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AB5300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AB11C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AB1290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00AB2570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00AB1000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00AB10A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00AB2510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AB1D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] WS2_32.dll!send 71A5428A 5 Bytes JMP 00AB7250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00AB20A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00AB23A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[564] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00AB2160 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CE6390 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CE6640 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE53D0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CE5300 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE11C0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE1290 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00CE2570 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00CE1000 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00CE10A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00CE2510 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CE1D10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] WS2_32.dll!send 71A5428A 5 Bytes JMP 00CE7250 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00CE20A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00CE23A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[604] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00CE2160 .text C:\WINDOWS\system32\Ati2evxx.exe[620] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01356390 .text C:\WINDOWS\system32\Ati2evxx.exe[620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01356640 .text C:\WINDOWS\system32\Ati2evxx.exe[620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013553D0 .text C:\WINDOWS\system32\Ati2evxx.exe[620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01355300 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013511C0 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01351290 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01352570 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01351000 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 013510A0 .text C:\WINDOWS\system32\Ati2evxx.exe[620] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01352510 .text C:\WINDOWS\system32\Ati2evxx.exe[620] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01351D10 .text C:\WINDOWS\system32\Ati2evxx.exe[620] WS2_32.dll!send 71A5428A 5 Bytes JMP 01357250 .text C:\WINDOWS\system32\Ati2evxx.exe[620] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 013520A0 .text C:\WINDOWS\system32\Ati2evxx.exe[620] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 013523A0 .text C:\WINDOWS\system32\Ati2evxx.exe[620] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01352160 .text C:\WINDOWS\system32\spoolsv.exe[632] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\spoolsv.exe[632] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\spoolsv.exe[632] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\spoolsv.exe[632] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\spoolsv.exe[632] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\spoolsv.exe[632] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\spoolsv.exe[632] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\spoolsv.exe[632] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\spoolsv.exe[632] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00A323A0 .text C:\WINDOWS\system32\spoolsv.exe[632] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00A32160 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011F6390 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011F6640 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011F53D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 011F5300 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011F11C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 011F1290 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 011F2570 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 011F1000 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011F10A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 011F2510 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011F1D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] WS2_32.dll!send 71A5428A 5 Bytes JMP 011F7250 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 011F20A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 011F23A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[712] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 011F2160 .text C:\WINDOWS\system32\acs.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01E16390 .text C:\WINDOWS\system32\acs.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01E16640 .text C:\WINDOWS\system32\acs.exe[808] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01E153D0 .text C:\WINDOWS\system32\acs.exe[808] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01E15300 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01E111C0 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01E11290 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01E12570 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01E11000 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 01E110A0 .text C:\WINDOWS\system32\acs.exe[808] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01E12510 .text C:\WINDOWS\system32\acs.exe[808] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01E11D10 .text C:\WINDOWS\system32\acs.exe[808] WS2_32.dll!send 71A5428A 5 Bytes JMP 01E17250 .text C:\WINDOWS\system32\acs.exe[808] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 01E120A0 .text C:\WINDOWS\system32\acs.exe[808] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 01E123A0 .text C:\WINDOWS\system32\acs.exe[808] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01E12160 .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007E6390 .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007E6640 .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007E53D0 .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007E5300 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007E11C0 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007E1290 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007E2570 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007E1000 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007E10A0 .text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007E2510 .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 007E20A0 .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 007E23A0 .text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 007E2160 .text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007E1D10 .text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!send 71A5428A 5 Bytes JMP 007E7250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01136390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01136640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011353D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01135300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011311C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01131290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01132570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01131000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 011310A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01132510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01131D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] WS2_32.dll!send 71A5428A 5 Bytes JMP 01137250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 011320A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 011323A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[1180] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01132160 .text C:\WINDOWS\Explorer.EXE[1264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01C36390 .text C:\WINDOWS\Explorer.EXE[1264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01C36640 .text C:\WINDOWS\Explorer.EXE[1264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01C353D0 .text C:\WINDOWS\Explorer.EXE[1264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01C35300 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01C311C0 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01C31290 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01C32570 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01C31000 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 01C310A0 .text C:\WINDOWS\Explorer.EXE[1264] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01C32510 .text C:\WINDOWS\Explorer.EXE[1264] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 01C320A0 .text C:\WINDOWS\Explorer.EXE[1264] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 01C323A0 .text C:\WINDOWS\Explorer.EXE[1264] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01C32160 .text C:\WINDOWS\Explorer.EXE[1264] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01C31D10 .text C:\WINDOWS\Explorer.EXE[1264] WS2_32.dll!send 71A5428A 5 Bytes JMP 01C37250 .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00936390 .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00936640 .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009353D0 .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00935300 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009311C0 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00931290 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00932570 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00931000 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009310A0 .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00932510 .text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00931D10 .text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!send 71A5428A 5 Bytes JMP 00937250 .text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 009320A0 .text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 009323A0 .text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00932160 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A66390 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A66640 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A653D0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A65300 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A611C0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A61290 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A62570 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A61000 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A610A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A62510 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A61D10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A67250 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00A620A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00A623A0 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[1456] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00A62160 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03BE6390 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03BE6640 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03BE53D0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 03BE5300 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 03BE11C0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!CreateFileW 7C810770 5 Bytes JMP 03BE1290 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!MoveFileW 7C821271 5 Bytes JMP 03BE2570 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!CopyFileA 7C8286FE 5 Bytes JMP 03BE1000 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!CopyFileW 7C82F88F 5 Bytes JMP 03BE10A0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] KERNEL32.dll!MoveFileA 7C835ED7 5 Bytes JMP 03BE2510 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03BE1D10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] WS2_32.dll!send 71A5428A 5 Bytes JMP 03BE7250 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 03BE20A0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 03BE23A0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1464] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 03BE2160 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01026390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01026640 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010253D0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01025300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 010211C0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01021290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01022570 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01021000 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 010210A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01022510 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01021D10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] WS2_32.dll!send 71A5428A 5 Bytes JMP 01027250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 010220A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 010223A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1468] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01022160 .text C:\WINDOWS\system32\csrss.exe[1472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 029D6390 .text C:\WINDOWS\system32\csrss.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 029D6640 .text C:\WINDOWS\system32\csrss.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 029D53D0 .text C:\WINDOWS\system32\csrss.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 029D5300 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 029D11C0 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!CreateFileW 7C810770 5 Bytes JMP 029D1290 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!MoveFileW 7C821271 5 Bytes JMP 029D2570 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!CopyFileA 7C8286FE 5 Bytes JMP 029D1000 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!CopyFileW 7C82F88F 5 Bytes JMP 029D10A0 .text C:\WINDOWS\system32\csrss.exe[1472] KERNEL32.dll!MoveFileA 7C835ED7 5 Bytes JMP 029D2510 .text C:\WINDOWS\system32\csrss.exe[1472] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 029D1D10 .text C:\WINDOWS\system32\csrss.exe[1472] WS2_32.dll!send 71A5428A 5 Bytes JMP 029D7250 .text C:\WINDOWS\system32\csrss.exe[1472] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 029D20A0 .text C:\WINDOWS\system32\csrss.exe[1472] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 029D23A0 .text C:\WINDOWS\system32\csrss.exe[1472] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 029D2160 .text C:\WINDOWS\system32\winlogon.exe[1504] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01CE6390 .text C:\WINDOWS\system32\winlogon.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01CE6640 .text C:\WINDOWS\system32\winlogon.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01CE53D0 .text C:\WINDOWS\system32\winlogon.exe[1504] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01CE5300 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01CE11C0 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01CE1290 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01CE2570 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01CE1000 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 01CE10A0 .text C:\WINDOWS\system32\winlogon.exe[1504] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01CE2510 .text C:\WINDOWS\system32\winlogon.exe[1504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01CE1D10 .text C:\WINDOWS\system32\winlogon.exe[1504] WS2_32.dll!send 71A5428A 5 Bytes JMP 01CE7250 .text C:\WINDOWS\system32\winlogon.exe[1504] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 01CE20A0 .text C:\WINDOWS\system32\winlogon.exe[1504] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 01CE23A0 .text C:\WINDOWS\system32\winlogon.exe[1504] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01CE2160 .text C:\WINDOWS\system32\services.exe[1548] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01326390 .text C:\WINDOWS\system32\services.exe[1548] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01326640 .text C:\WINDOWS\system32\services.exe[1548] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013253D0 .text C:\WINDOWS\system32\services.exe[1548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01325300 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013211C0 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01321290 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01322570 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01321000 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 013210A0 .text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01322510 .text C:\WINDOWS\system32\services.exe[1548] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01321D10 .text C:\WINDOWS\system32\services.exe[1548] WS2_32.dll!send 71A5428A 5 Bytes JMP 01327250 .text C:\WINDOWS\system32\services.exe[1548] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 013220A0 .text C:\WINDOWS\system32\services.exe[1548] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 013223A0 .text C:\WINDOWS\system32\services.exe[1548] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01322160 .text C:\WINDOWS\RTHDCPL.EXE[1676] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 046E6390 .text C:\WINDOWS\RTHDCPL.EXE[1676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 046E6640 .text C:\WINDOWS\RTHDCPL.EXE[1676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 046E53D0 .text C:\WINDOWS\RTHDCPL.EXE[1676] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 046E5300 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 046E11C0 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 046E1290 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 046E2570 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 046E1000 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 046E10A0 .text C:\WINDOWS\RTHDCPL.EXE[1676] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 046E2510 .text C:\WINDOWS\RTHDCPL.EXE[1676] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 046E1D10 .text C:\WINDOWS\RTHDCPL.EXE[1676] WS2_32.dll!send 71A5428A 5 Bytes JMP 046E7250 .text C:\WINDOWS\RTHDCPL.EXE[1676] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 046E20A0 .text C:\WINDOWS\RTHDCPL.EXE[1676] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 046E23A0 .text C:\WINDOWS\RTHDCPL.EXE[1676] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 046E2160 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F26390 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F26640 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F253D0 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F25300 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F211C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F21290 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00F22570 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00F21000 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00F210A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00F22510 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F21D10 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F27250 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00F220A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00F223A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1708] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00F22160 .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008A6390 .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008A6640 .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008A53D0 .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008A5300 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A11C0 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008A1290 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 008A2570 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 008A1000 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008A10A0 .text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 008A2510 .text C:\WINDOWS\system32\svchost.exe[1728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008A1D10 .text C:\WINDOWS\system32\svchost.exe[1728] WS2_32.dll!send 71A5428A 5 Bytes JMP 008A7250 .text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 008A20A0 .text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 008A23A0 .text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 008A2160 .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AB6390 .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AB6640 .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AB53D0 .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AB5300 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AB11C0 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AB1290 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00AB2570 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00AB1000 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00AB10A0 .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00AB2510 .text C:\WINDOWS\system32\svchost.exe[1800] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AB1D10 .text C:\WINDOWS\system32\svchost.exe[1800] WS2_32.dll!send 71A5428A 5 Bytes JMP 00AB7250 .text C:\WINDOWS\system32\svchost.exe[1800] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00AB20A0 .text C:\WINDOWS\system32\svchost.exe[1800] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00AB23A0 .text C:\WINDOWS\system32\svchost.exe[1800] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00AB2160 .text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02746390 .text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02746640 .text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 027453D0 .text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 02745300 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 027411C0 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02741290 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 02742570 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 02741000 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 027410A0 .text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 02742510 .text C:\WINDOWS\System32\svchost.exe[1840] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02741D10 .text C:\WINDOWS\System32\svchost.exe[1840] WS2_32.dll!send 71A5428A 5 Bytes JMP 02747250 .text C:\WINDOWS\System32\svchost.exe[1840] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 027420A0 .text C:\WINDOWS\System32\svchost.exe[1840] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 027423A0 .text C:\WINDOWS\System32\svchost.exe[1840] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 02742160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A76390 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A76640 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A753D0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A75300 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A711C0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A71290 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A72570 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A71000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A710A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A72510 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WININET.dll!HttpSendRequestA 771B60C9 3 Bytes JMP 00A720A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WININET.dll!HttpSendRequestA + 4 771B60CD 1 Byte [89] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00A723A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00A72160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A71D10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1868] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A77250 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007B6390 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007B6640 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007B53D0 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007B5300 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007B11C0 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007B1290 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007B2570 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007B1000 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007B10A0 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007B2510 .text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007B1D10 .text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!send 71A5428A 5 Bytes JMP 007B7250 .text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 007B20A0 .text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 007B23A0 .text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 007B2160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009A6390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009A6640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009A53D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009A5300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009A11C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009A1290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009A2570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009A1000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009A10A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009A2510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 009A20A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 009A23A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 009A2160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009A1D10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1940] WS2_32.dll!send 71A5428A 5 Bytes JMP 009A7250 .text C:\WINDOWS\system32\ctfmon.exe[1964] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B46390 .text C:\WINDOWS\system32\ctfmon.exe[1964] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B46640 .text C:\WINDOWS\system32\ctfmon.exe[1964] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B453D0 .text C:\WINDOWS\system32\ctfmon.exe[1964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B45300 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B411C0 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B41290 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00B42570 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00B41000 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00B410A0 .text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00B42510 .text C:\WINDOWS\system32\ctfmon.exe[1964] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B41D10 .text C:\WINDOWS\system32\ctfmon.exe[1964] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B47250 .text C:\WINDOWS\system32\ctfmon.exe[1964] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00B420A0 .text C:\WINDOWS\system32\ctfmon.exe[1964] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00B423A0 .text C:\WINDOWS\system32\ctfmon.exe[1964] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00B42160 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BF6390 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BF6640 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BF53D0 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF5300 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BF11C0 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BF1290 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00BF2570 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00BF1000 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00BF10A0 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00BF2510 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BF1D10 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] WS2_32.dll!send 71A5428A 5 Bytes JMP 00BF7250 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00BF20A0 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00BF23A0 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[1972] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00BF2160 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 003B6390 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003B6640 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003B53D0 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B5300 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003B11C0 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003B1290 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003B2570 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003B1000 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003B10A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003B2510 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 003B1D10 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] WS2_32.dll!send 71A5428A 5 Bytes JMP 003B7250 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 003B20A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 003B23A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\PLAY ONLINE\ouc.exe[2004] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 003B2160 .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007B6390 .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007B6640 .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007B53D0 .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007B5300 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007B11C0 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007B1290 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007B2570 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007B1000 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007B10A0 .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007B2510 .text C:\WINDOWS\system32\svchost.exe[2036] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007B1D10 .text C:\WINDOWS\system32\svchost.exe[2036] WS2_32.dll!send 71A5428A 5 Bytes JMP 007B7250 .text C:\WINDOWS\system32\svchost.exe[2036] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 007B20A0 .text C:\WINDOWS\system32\svchost.exe[2036] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 007B23A0 .text C:\WINDOWS\system32\svchost.exe[2036] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 007B2160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00FB6390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00FB6640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00FB53D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00FB5300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FB11C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FB1290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00FB2570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00FB1000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00FB10A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00FB2510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FB1D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] WS2_32.dll!send 71A5428A 5 Bytes JMP 00FB7250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00FB20A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00FB23A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2172] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00FB2160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE6390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DE6640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DE53D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DE5300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DE11C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00DE1290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00DE2570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00DE1000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00DE10A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00DE2510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DE1D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DE7250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00DE20A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00DE23A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2352] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00DE2160 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F96390 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F96640 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F953D0 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F95300 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F911C0 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F91290 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00F92570 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00F91000 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00F910A0 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00F92510 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!GetSysColor 77D38E50 5 Bytes JMP 0045B9C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!GetSysColorBrush 77D38E83 5 Bytes JMP 0045BA20 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!SetScrollInfo 77D3902C 7 Bytes JMP 0045B8B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 0045B840 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 0045B930 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 0045B8F0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 0045B870 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 0045B980 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!GetScrollInfo 77D43A2F 7 Bytes JMP 0045B800 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] USER32.dll!EnableScrollBar 77D87BAD 7 Bytes JMP 0045B7C0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F91D10 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F97250 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00F920A0 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 00F923A0 .text C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[2484] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00F92160 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00165300 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 001620A0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 001623A0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3004] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\wuauclt.exe[3052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\wuauclt.exe[3052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\wuauclt.exe[3052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\wuauclt.exe[3052] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\wuauclt.exe[3052] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000B2510 .text C:\WINDOWS\system32\wuauclt.exe[3052] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\wuauclt.exe[3052] WS2_32.dll!send 71A5428A 5 Bytes JMP 000B7250 .text C:\WINDOWS\system32\wuauclt.exe[3052] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\wuauclt.exe[3052] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 000B23A0 .text C:\WINDOWS\system32\wuauclt.exe[3052] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 000B2160 .text C:\WINDOWS\system32\wscntfy.exe[3064] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wscntfy.exe[3064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wscntfy.exe[3064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wscntfy.exe[3064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[3064] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wscntfy.exe[3064] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wscntfy.exe[3064] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wscntfy.exe[3064] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wscntfy.exe[3064] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wscntfy.exe[3064] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\alg.exe[3128] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[3128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[3128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[3128] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[3128] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[3128] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[3128] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[3128] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[3128] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\alg.exe[3128] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 000A2160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00165300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 001620A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 001623A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[3580] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00162160 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00165300 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\gc3tcl9y.exe[3796] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3848] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3896] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 000A2160 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00165300 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 001620A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 001623A0 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[3980] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00162160 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBF 0xE2 0xDC 0x73 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBF 0xE2 0xDC 0x73 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Kfkgkq C:\Documents and Settings\Administrator\Dane aplikacji\Kfkgkq.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Administrator\Dane aplikacji\Kfkgkq.exe Kfkgkq ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Administrator\Dane aplikacji\Kfkgkq.exe 146258 bytes executable ---- EOF - GMER 1.0.15 ----