GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-08-21 22:27:41 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HTS542512K9SA00 rev.BB2OC31P Running: ybl3rv1q.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\fwddipog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xA65CDE64] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xA65ADEEE] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xA65AE0E0] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xA65CE652] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xA65CE906] SSDT spqc.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spqc.sys ZwEnumerateValueKey [0xB9ECE132] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xA65CCB64] SSDT spqc.sys ZwQueryKey [0xB9ECE20A] SSDT spqc.sys ZwQueryValueKey [0xB9ECE08A] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xA65CED72] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xA65CE124] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xA65ADB5C] INT 0x62 ? 89DD3BF8 INT 0x63 ? 89B35BF8 INT 0x74 ? 89B35BF8 INT 0x82 ? 89DD3BF8 INT 0x84 ? 89B35BF8 INT 0x94 ? 89B35BF8 INT 0xA4 ? 89DD3BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 4 Bytes [06, E9, 5C, A6] ? spqc.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload B96918AC 5 Bytes JMP 89B351D8 .text aay4xwk2.SYS B94A7386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aay4xwk2.SYS B94A73AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aay4xwk2.SYS B94A73C4 3 Bytes [00, 80, 02] .text aay4xwk2.SYS B94A73C9 1 Byte [30] .text aay4xwk2.SYS B94A73C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spoolsv.exe[252] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[844] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Instalki\LAUNCH~1\LManager.exe[872] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[884] KERNEL32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe[912] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\PROGRA~1\Eraser\Eraser.exe[916] KERNEL32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1000] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[1136] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Magazyn\ybl3rv1q.exe[1140] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\csrss.exe[1196] KERNEL32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\winlogon.exe[1220] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\winlogon.exe[1220] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\winlogon.exe[1220] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\services.exe[1264] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\lsass.exe[1276] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe[1568] KERNEL32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F480F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3C0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F330F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2D0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F2A0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F300F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F420F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3F0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F4B0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F360F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F390F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F450F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\hkcmd.exe[1872] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\igfxpers.exe[1892] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[1900] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2036] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgrsx.exe[2044] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\DOCUME~1\User\USTAWI~1\Temp\RtkBtMnt.exe[2088] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\igfxext.exe[2156] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[2264] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2296] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Instalki\Java\jre6\bin\jqs.exe[2364] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2540] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[2708] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2844] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Instalki\MaxCrypt2\SysSrvc.exe[3004] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3032] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\alg.exe[3072] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgemc.exe[3164] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Instalki\Gadu-Gadu\gg.exe[3312] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[3924] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F1C0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindFirstFileExW 7C80EB1D 6 Bytes JMP 5F100F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindClose 7C80EE77 6 Bytes JMP 5F190F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindFirstFileW 7C80EF81 6 Bytes JMP 5F160F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes JMP 5F0A0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!SetCurrentDirectoryW 7C80F38E 6 Bytes JMP 5F460F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1F0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindFirstFileA 7C813879 6 Bytes JMP 5F130F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 5F3A0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F310F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F2B0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F280F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 5F220F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 5F250F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F2E0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes JMP 5F040F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 5F400F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 5F3D0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!SetCurrentDirectoryA 7C83610D 6 Bytes JMP 5F490F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateDirectoryExW 7C85B5CA 6 Bytes JMP 5F340F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!CreateDirectoryExA 7C85C213 6 Bytes JMP 5F370F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!FindFirstFileExA 7C85D4EA 6 Bytes JMP 5F0D0F5A .text D:\Instalki\Spyware Doctor\BDT\BDTUpdateService.exe[4404] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 5F430F5A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spqc.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spqc.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spqc.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spqc.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spqc.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spqc.sys IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aay4xwk2.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89DD21F8 AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 89C051F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E441F8 Device \Driver\dmio \Device\DmControl\DmConfig 89E441F8 Device \Driver\dmio \Device\DmControl\DmPnP 89E441F8 Device \Driver\dmio \Device\DmControl\DmInfo 89E441F8 Device \Driver\usbuhci \Device\USBPDO-1 89C051F8 Device \Driver\usbehci \Device\USBPDO-2 89BF91F8 Device \Driver\usbehci \Device\USBPDO-3 89BF91F8 Device \Driver\usbuhci \Device\USBPDO-4 89C051F8 AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-5 89C051F8 Device \Driver\PCI_PNP3220 \Device\00000049 spqc.sys Device \Driver\usbuhci \Device\USBPDO-6 89C051F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 89DD41F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89DD41F8 Device \Driver\Cdrom \Device\CdRom0 89B961F8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 89B961F8 Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{00D217EA-86B0-4E33-900C-ED647740E0E8} 893AF500 Device \Driver\NetBT \Device\NetBt_Wins_Export 893AF500 Device \Driver\NetBT \Device\NetbiosSmb 893AF500 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89C051F8 Device \Driver\usbuhci \Device\USBFDO-1 89C051F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89ACB1F8 Device \Driver\usbehci \Device\USBFDO-2 89BF91F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89ACB1F8 Device \Driver\sptd \Device\300926970 spqc.sys Device \Driver\usbuhci \Device\USBFDO-3 89C051F8 Device \Driver\usbuhci \Device\USBFDO-4 89C051F8 Device \Driver\Ftdisk \Device\FtControl 89DD41F8 Device \Driver\usbuhci \Device\USBFDO-5 89C051F8 Device \Driver\usbehci \Device\USBFDO-6 89BF91F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{A0A7F5F1-AB83-4A59-A56F-DC53DEDC770D} 893AF500 Device \Driver\aay4xwk2 \Device\Scsi\aay4xwk21 89B94500 Device \Driver\aay4xwk2 \Device\Scsi\aay4xwk21Port4Path0Target0Lun0 89B94500 Device \FileSystem\Cdfs \Cdfs 892921F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x11 0xDF 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x43 0xB1 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x57 0xC2 0xEA 0xAC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x11 0xDF 0x40 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x43 0xB1 0xFD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x57 0xC2 0xEA 0xAC ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\cl.uclmc2 533 bytes ---- EOF - GMER 1.0.15 ----