GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-13 20:46:18 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-a SAMSUNG_SP1203N rev.TL100-23 111,82GB Running: f51rscno.exe; Driver: C:\DOCUME~1\Monisia\USTAWI~1\Temp\uwtoypod.sys ---- User code sections - GMER 2.0 ---- .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 88, 00] {SUB AL, AL; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008B6390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 88, 00] {SUB BL, AL; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 88, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 88, 00] {TEST AL, 0xc1; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915EDA .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 88, 00] {TEST AL, 0xc2; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 88, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 88, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915F4B .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 88, 00] {TEST AL, 0xc0; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008B6640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916079 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008B53D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 88, 00] {SUB CL, AL; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 88, 00] {SUB DL, AL; MOV [EAX], AL} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 88, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008B5300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008B1D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 008B20A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 008B23A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 008B2160 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AF6390 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AF6640 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AF53D0 .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AF5300 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF11C0 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AF1290 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AF2570 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AF1000 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AF10A0 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AF2510 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00AF20A0 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00AF23A0 .text C:\WINDOWS\system32\svchost.exe[380] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00AF2160 .text C:\WINDOWS\system32\svchost.exe[380] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AF1D10 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01FA6390 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01FA6640 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01FA53D0 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01FA5300 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01FA11C0 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01FA1290 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01FA2570 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01FA1000 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01FA10A0 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01FA2510 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 01FA20A0 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 01FA23A0 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01FA2160 .text C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe[468] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01FA1D10 .text C:\WINDOWS\system32\csrss.exe[500] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013C6390 .text C:\WINDOWS\system32\csrss.exe[500] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013C6640 .text C:\WINDOWS\system32\csrss.exe[500] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013C53D0 .text C:\WINDOWS\system32\csrss.exe[500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013C5300 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 013C11C0 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 013C1290 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 013C2570 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 013C1000 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013C10A0 .text C:\WINDOWS\system32\csrss.exe[500] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013C2510 .text C:\WINDOWS\system32\csrss.exe[500] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013C1D10 .text C:\WINDOWS\system32\csrss.exe[500] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 013C20A0 .text C:\WINDOWS\system32\csrss.exe[500] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 013C23A0 .text C:\WINDOWS\system32\csrss.exe[500] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 013C2160 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01AE6390 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01AE6640 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01AE53D0 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01AE5300 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AE11C0 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AE1290 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01AE2570 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01AE1000 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01AE10A0 .text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01AE2510 .text C:\WINDOWS\system32\winlogon.exe[528] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01AE1D10 .text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 01AE20A0 .text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 01AE23A0 .text C:\WINDOWS\system32\winlogon.exe[528] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01AE2160 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D46390 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D46640 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D453D0 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D45300 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D411C0 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D41290 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D42570 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D41000 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D410A0 .text C:\WINDOWS\system32\services.exe[572] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D42510 .text C:\WINDOWS\system32\services.exe[572] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D41D10 .text C:\WINDOWS\system32\services.exe[572] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00D420A0 .text C:\WINDOWS\system32\services.exe[572] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00D423A0 .text C:\WINDOWS\system32\services.exe[572] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00D42160 .text C:\WINDOWS\system32\Ati2evxx.exe[760] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CA6390 .text C:\WINDOWS\system32\Ati2evxx.exe[760] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CA6640 .text C:\WINDOWS\system32\Ati2evxx.exe[760] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CA53D0 .text C:\WINDOWS\system32\Ati2evxx.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CA5300 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA11C0 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA1290 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CA2570 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CA1000 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CA10A0 .text C:\WINDOWS\system32\Ati2evxx.exe[760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CA2510 .text C:\WINDOWS\system32\Ati2evxx.exe[760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CA1D10 .text C:\WINDOWS\system32\Ati2evxx.exe[760] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00CA20A0 .text C:\WINDOWS\system32\Ati2evxx.exe[760] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00CA23A0 .text C:\WINDOWS\system32\Ati2evxx.exe[760] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00CA2160 .text C:\WINDOWS\system32\svchost.exe[776] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02416390 .text C:\WINDOWS\system32\svchost.exe[776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02416640 .text C:\WINDOWS\system32\svchost.exe[776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024153D0 .text C:\WINDOWS\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02415300 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024111C0 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02411290 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02412570 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02411000 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024110A0 .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02412510 .text C:\WINDOWS\system32\svchost.exe[776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02411D10 .text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 024120A0 .text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 024123A0 .text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 02412160 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Monisia\Pulpit\OTL.exe[800] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00C123A0 .text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00C12160 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006E6390 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006E6640 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006E53D0 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006E5300 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006E11C0 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006E1290 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006E2570 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006E1000 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006E10A0 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006E2510 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006E1D10 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 006E20A0 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 006E23A0 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[872] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 006E2160 .text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 04306390 .text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 04306640 .text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 043053D0 .text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 04305300 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 043011C0 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04301290 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 04302570 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 04301000 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 043010A0 .text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 04302510 .text C:\WINDOWS\System32\svchost.exe[904] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04301D10 .text C:\WINDOWS\System32\svchost.exe[904] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 043020A0 .text C:\WINDOWS\System32\svchost.exe[904] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 043023A0 .text C:\WINDOWS\System32\svchost.exe[904] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 04302160 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00976390 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00976640 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009753D0 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00975300 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009711C0 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00971290 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00972570 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00971000 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009710A0 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00972510 .text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 009720A0 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 009723A0 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00972160 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D16390 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D16640 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D153D0 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D15300 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D111C0 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D11290 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D12570 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D11000 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D110A0 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D12510 .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D11D10 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00D120A0 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00D123A0 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00D12160 .text C:\WINDOWS\system32\dmwu.exe[1048] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01EE6390 .text C:\WINDOWS\system32\dmwu.exe[1048] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01EE6640 .text C:\WINDOWS\system32\dmwu.exe[1048] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01EE53D0 .text C:\WINDOWS\system32\dmwu.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01EE5300 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01EE11C0 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01EE1290 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01EE2570 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01EE1000 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01EE10A0 .text C:\WINDOWS\system32\dmwu.exe[1048] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01EE2510 .text C:\WINDOWS\system32\dmwu.exe[1048] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 01EE20A0 .text C:\WINDOWS\system32\dmwu.exe[1048] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 01EE23A0 .text C:\WINDOWS\system32\dmwu.exe[1048] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01EE2160 .text C:\WINDOWS\system32\dmwu.exe[1048] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01EE1D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 029A6390 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 029A6640 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 029A53D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 029A5300 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029A11C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029A1290 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 029A2570 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 029A1000 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 029A10A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 029A2510 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 029A1D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 029A20A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 029A23A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1068] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 029A2160 .text C:\WINDOWS\system32\wdfmgr.exe[1168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008A6390 .text C:\WINDOWS\system32\wdfmgr.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008A6640 .text C:\WINDOWS\system32\wdfmgr.exe[1168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008A53D0 .text C:\WINDOWS\system32\wdfmgr.exe[1168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A5300 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A11C0 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A1290 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008A2570 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008A1000 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008A10A0 .text C:\WINDOWS\system32\wdfmgr.exe[1168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008A2510 .text C:\WINDOWS\system32\wdfmgr.exe[1168] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008A1D10 .text C:\WINDOWS\system32\wdfmgr.exe[1168] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 008A20A0 .text C:\WINDOWS\system32\wdfmgr.exe[1168] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 008A23A0 .text C:\WINDOWS\system32\wdfmgr.exe[1168] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 008A2160 .text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01506390 .text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01506640 .text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015053D0 .text C:\WINDOWS\system32\spoolsv.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01505300 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015011C0 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01501290 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01502570 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01501000 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015010A0 .text C:\WINDOWS\system32\spoolsv.exe[1236] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01502510 .text C:\WINDOWS\system32\spoolsv.exe[1236] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01501D10 .text C:\WINDOWS\system32\spoolsv.exe[1236] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 015020A0 .text C:\WINDOWS\system32\spoolsv.exe[1236] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 015023A0 .text C:\WINDOWS\system32\spoolsv.exe[1236] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01502160 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007A6390 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007A6640 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007A53D0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007A5300 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007A1290 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007A2570 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007A1000 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007A10A0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007A2510 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007A1D10 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 007A20A0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 007A23A0 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1296] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 007A2160 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BC6390 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BC6640 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BC53D0 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BC5300 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC11C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC1290 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BC2570 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BC1000 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BC10A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BC2510 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BC1D10 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00BC20A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00BC23A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1412] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00BC2160 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00C123A0 .text C:\WINDOWS\system32\svchost.exe[1472] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00C12160 .text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02E36390 .text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02E36640 .text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02E353D0 .text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02E35300 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E311C0 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E31290 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02E32570 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02E31000 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 02E310A0 .text C:\WINDOWS\Explorer.EXE[1504] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02E32510 .text C:\WINDOWS\Explorer.EXE[1504] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 02E320A0 .text C:\WINDOWS\Explorer.EXE[1504] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 02E323A0 .text C:\WINDOWS\Explorer.EXE[1504] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 02E32160 .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02E31D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1576] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D16390 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D16640 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D153D0 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D15300 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D111C0 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D11290 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D12570 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D11000 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D110A0 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D12510 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D11D10 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00D120A0 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00D123A0 .text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1708] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00D12160 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CE6390 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CE6640 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE53D0 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CE5300 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE11C0 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE1290 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CE2570 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CE1000 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CE10A0 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CE2510 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CE1D10 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00CE20A0 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00CE23A0 .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1716] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00CE2160 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 020B6390 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 020B6640 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 020B53D0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 020B5300 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 020B11C0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 020B1290 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 020B2570 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 020B1000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 020B10A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 020B2510 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 020B20A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 020B23A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 020B2160 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1724] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 020B1D10 .text C:\Program Files\Winamp\winampa.exe[1736] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00906390 .text C:\Program Files\Winamp\winampa.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00906640 .text C:\Program Files\Winamp\winampa.exe[1736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009053D0 .text C:\Program Files\Winamp\winampa.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00905300 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009011C0 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00901290 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00902570 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00901000 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009010A0 .text C:\Program Files\Winamp\winampa.exe[1736] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00902510 .text C:\Program Files\Winamp\winampa.exe[1736] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00901D10 .text C:\Program Files\Winamp\winampa.exe[1736] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 009020A0 .text C:\Program Files\Winamp\winampa.exe[1736] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 009023A0 .text C:\Program Files\Winamp\winampa.exe[1736] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00902160 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01AC6390 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01AC6640 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01AC53D0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01AC5300 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AC11C0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AC1290 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01AC2570 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01AC1000 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01AC10A0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01AC2510 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 01AC20A0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 01AC23A0 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!HttpSendRequestW 77203244 3 Bytes JMP 01AC2160 .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WININET.dll!HttpSendRequestW + 4 77203248 1 Byte [8A] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1744] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01AC1D10 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C26390 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C26640 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C253D0 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C25300 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C21290 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C22570 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C21000 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C210A0 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C22510 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00C220A0 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00C223A0 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[1752] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00C22160 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00976390 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00976640 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009753D0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00975300 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009711C0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00971290 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00972570 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00971000 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009710A0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00972510 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 009720A0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 009723A0 .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1760] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00972160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00A320A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00A323A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00A32160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C46390 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C46640 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C453D0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C45300 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C411C0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C41290 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C42570 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C41000 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C410A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C42510 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00C420A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00C423A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00C42160 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1836] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C41D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2108] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Monisia\Pulpit\f51rscno.exe[2128] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 7D, 00] {SUB [EDI], DH; JGE 0x4} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 7D, 00] {TEST AL, 0x35; JGE 0x4} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91534E .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 7D, 00] {TEST AL, 0x36; JGE 0x4} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9153BF .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 7D, 00] {TEST AL, 0x34; JGE 0x4} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9154ED .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 7D, 00] {SUB [ESI], DH; JGE 0x4} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 7D, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2284] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B71290 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B72570 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B71000 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B710A0 .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B72510 .text C:\WINDOWS\System32\alg.exe[2536] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\WINDOWS\System32\alg.exe[2536] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B720A0 .text C:\WINDOWS\System32\alg.exe[2536] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B723A0 .text C:\WINDOWS\System32\alg.exe[2536] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B72160 .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B66390 .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B66640 .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B653D0 .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B65300 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B611C0 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B61290 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B62570 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B61000 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B610A0 .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B62510 .text C:\WINDOWS\system32\wscntfy.exe[2632] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B61D10 .text C:\WINDOWS\system32\wscntfy.exe[2632] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B620A0 .text C:\WINDOWS\system32\wscntfy.exe[2632] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B623A0 .text C:\WINDOWS\system32\wscntfy.exe[2632] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B62160 .text C:\WINDOWS\FONTS\4E45D.com[3092] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013B6390 .text C:\WINDOWS\FONTS\4E45D.com[3092] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013B6640 .text C:\WINDOWS\FONTS\4E45D.com[3092] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013B53D0 .text C:\WINDOWS\FONTS\4E45D.com[3092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013B5300 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013B11C0 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013B1290 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 013B2570 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 013B1000 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013B10A0 .text C:\WINDOWS\FONTS\4E45D.com[3092] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013B2510 .text C:\WINDOWS\FONTS\4E45D.com[3092] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013B1D10 .text C:\WINDOWS\FONTS\4E45D.com[3092] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 013B20A0 .text C:\WINDOWS\FONTS\4E45D.com[3092] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 013B23A0 .text C:\WINDOWS\FONTS\4E45D.com[3092] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 013B2160 .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B71290 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B72570 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B71000 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B710A0 .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B72510 .text C:\WINDOWS\system32\ctfmon.exe[3100] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\WINDOWS\system32\ctfmon.exe[3100] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B720A0 .text C:\WINDOWS\system32\ctfmon.exe[3100] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B723A0 .text C:\WINDOWS\system32\ctfmon.exe[3100] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B72160 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03936390 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03936640 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 039353D0 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03935300 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 039311C0 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03931290 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03932570 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03931000 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 039310A0 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03932510 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] wininet.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 039320A0 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] wininet.dll!InternetWriteFile 771E8E17 5 Bytes JMP 039323A0 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] wininet.dll!HttpSendRequestW 77203244 5 Bytes JMP 03932160 .text C:\Program Files\Kalendarz XP\Kalendarz.exe[3160] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03931D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01046390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 01, 01] {SUB [EDI], CH; ADD [ECX], EAX} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 01, 01] {TEST AL, 0x2d; ADD [ECX], EAX} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D746 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 01, 01] {TEST AL, 0x2e; ADD [ECX], EAX} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D7B7 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 01, 01] {TEST AL, 0x2c; ADD [ECX], EAX} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01046640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D8E5 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010453D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 01, 01] {SUB [ESI], CH; ADD [ECX], EAX} .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 01, 01] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01045300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01041D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 010420A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 010423A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01042160 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00676390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913A92 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913B03 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00676640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913C31 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006753D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00675300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00671D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 006720A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 006723A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00672160 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00676390 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913A9A .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913B0B .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00676640 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913C39 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006753D0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 64, 00] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00675300 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00671D10 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 006720A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 006723A0 .text C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00672160 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00A50010 IAT C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00930010 IAT C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 011E0010 IAT C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00810010 IAT C:\Documents and Settings\Monisia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00810010 ---- Registry - GMER 2.0 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Monisia\Dane aplikacji\Kadadk.exe ---- Files - GMER 2.0 ---- File C:\Documents and Settings\Monisia\Dane aplikacji\Kadadk.exe 233472 bytes executable ---- EOF - GMER 2.0 ----