GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 19:40:18
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-00FJA0 rev.13.03G13
Running: 5q1jb5n0.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\uxtdapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwClose [0xAFF29DD5]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile [0xB004436A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateKey [0xAFF25CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcess [0xAFF28C43]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcessEx [0xAFF28AC0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateThread [0xAFF2917A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteFile [0xAFF29E55]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteKey [0xAFF26111]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteValueKey [0xAFF261A4]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xF742BC7E]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xF742BFF6]
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver [0xAFCDA890]
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection [0xAFCDA770]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile [0xB0044CD8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwOpenKey [0xAFF25F37]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile [0xB0044842]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess [0xB00411E0]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xF742C0C0]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryValueKey [0xF742BF58]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwResumeThread [0xAFF29206]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile [0xB0045142]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwSetValueKey [0xAFF262AD]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwWriteFile [0xAFF29B26]

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF7896000, 0xC0A, 0x40000040]
PAGENDSM NDIS.sys!NdisMIndicateStatus F7A3CA5F 6 Bytes JMP AFF1DF8C \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9255000, 0x1C5D38, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAC8CA300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\ithsgt.sys section is writeable [0xAC87A300, 0x21770, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF77A7300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xAC6EBF00, 0x24000, 0x48000000]
? C:\WINDOWS\TEMP\mc23.tmp Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[276] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000308C4
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00030838
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00030950
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00030F54
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00030FE0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00030D24
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00030DB0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00030E3C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[380] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00030EC8
.text C:\Program Files\Program Protector\ProtectorService.exe[440] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Program Protector\ProtectorService.exe[440] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Program Protector\ProtectorService.exe[440] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Program Protector\ProtectorService.exe[440] user32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Program Protector\ProtectorService.exe[440] user32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838
.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[584] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[600] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[600] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[676] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[676] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[696] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[696] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[696] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[696] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[696] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[864] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[864] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[864] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[968] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[968] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[968] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[968] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00080EC8
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe[1000] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text
C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text 
C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!WriteProcessMemory 
7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 
000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1324] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1324] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1324] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1324] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1324] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] 
kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!SetWindowLongA 
7E36D60D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!SetWindowLongW 7E36D62B 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!GetWindowInfo 7E36E77C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!TrackPopupMenu 7E3B50EE 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1524] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\WINDOWS\Explorer.EXE[1632] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1632] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!VirtualProtect 7C801AD0 5 
Bytes JMP 00080090 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\Explorer.EXE[1632] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\Explorer.EXE[1632] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00080F54 .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00080FE0 .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00080D24 .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00080DB0 .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00080E3C .text C:\WINDOWS\Explorer.EXE[1632] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00080EC8 .text C:\WINDOWS\Explorer.EXE[1632] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 
.text C:\WINDOWS\Explorer.EXE[1632] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WINDOWS\Explorer.EXE[1632] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe[1720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1720] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateRemoteThread 
7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[1728] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program 
Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ws2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ws2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ws2_32.dll!connect 71A5406A 5 
Bytes JMP 00130950 .text C:\WINDOWS\System32\hphmon05.exe[1752] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\hphmon05.exe[1752] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\System32\hphmon05.exe[1752] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\WINDOWS\System32\hphmon05.exe[1752] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\WINDOWS\System32\hphmon05.exe[1752] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] 
ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program 
Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1764] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\SOUNDMAN.EXE[1784] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1784] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\SOUNDMAN.EXE[1784] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\WINDOWS\SOUNDMAN.EXE[1784] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes 
JMP 001307AC .text C:\WINDOWS\SOUNDMAN.EXE[1784] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] 
kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1792] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1800] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\WINDOWS\system32\ctfmon.exe[1824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[1824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[1824] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text 
C:\WINDOWS\system32\ctfmon.exe[1824] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 
00130464 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] wininet.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1844] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!VirtualProtect 7C801AD0 5 
Bytes JMP 00130090 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text 
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe[1888] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!WinExec 7C86136D 
5 Bytes JMP 00130464 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\HydraIRC\HydraIRC.exe[2072] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 
.text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\alg.exe[2436] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\alg.exe[2436] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\alg.exe[2436] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Kerio\Personal 
Firewall 4\kpf4gui.exe[2744] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program 
Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2744] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] 
kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\5q1jb5n0.exe[3196] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 013AB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateProcessA 7C802367 5 Bytes 
JMP 00130234 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Mozilla 
Firefox\firefox.exe[3600] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Mozilla Firefox\firefox.exe[3600] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Gadu-Gadu\gg.exe[3684] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [05, 5F] .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 
.text C:\Program Files\Gadu-Gadu\gg.exe[3684] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Gadu-Gadu\gg.exe[3684] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetConnectA 436349B2 5 Bytes JMP 00130F54 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetConnectW 43635BA8 5 Bytes JMP 00130FE0 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetOpenA 4363C869 5 Bytes JMP 00130D24 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetOpenW 4363CEA1 5 Bytes JMP 00130DB0 .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetOpenUrlA 436406DD 5 Bytes JMP 00130E3C .text C:\Program Files\Gadu-Gadu\gg.exe[3684] WININET.dll!InternetOpenUrlW 4368A8B1 5 Bytes JMP 00130EC8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SPTD1053.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7434E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\Drivers\SPTD1053.SYS[ntoskrnl.exe!IofCompleteRequest] [F7449C76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F74353B2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F74352B6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7435482] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F744A032] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F7434F6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7449C76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7434E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7427A32] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7427B6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7427AF6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74286CC] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74285A2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F744A864] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7439F78] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AFF1DDE0] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AFF1DDFB] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AFF1DE7F] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AFF1DEA2] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AFF1DE7F] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AFF1DDFB] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AFF1DDE0] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AFF1DE7F] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AFF1DEA2] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AFF1DDE0] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AFF1DDFB] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A575808
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A575EB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F78592F0] atapi.sys[unknown section] {MOV EAX, 0x8a575b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A5CA0B8
Device \Driver\atapi \Device\Ide\IdePort0 [F78592F0] atapi.sys[unknown section] {MOV EAX, 0x8a575b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdePort0 8A5CA0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F78592F0] atapi.sys[unknown section] {MOV EAX, 0x8a575b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5CA0B8
Device \Driver\atapi \Device\Ide\IdePort1 [F78592F0] atapi.sys[unknown section] {MOV EAX, 0x8a575b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 8A5CA0B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F78592F0] atapi.sys[unknown section] {MOV EAX, 0x8a575b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf743c442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A5CA0B8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A575EB0
Device \Driver\USBSTOR \Device\00000081 89BB53E8
Device \Driver\USBSTOR \Device\00000083 89BB53E8
Device \Driver\USBSTOR \Device\00000084 89BB53E8
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 8A575A40
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk1\DR2 8A575A40
Device \Driver\Disk \Device\Harddisk2\DR6 8A575A40
Device \Driver\Ftdisk \Device\FtControl 8A575EB0
Device \Driver\USBSTOR \Device\0000007e 89BB53E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 2046898610
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 216666934
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 195118551
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----