GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-17 21:52:39
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e TOSHIBA_MK2552GSX rev.LV010A
Running: chff95j9.exe; Driver: C:\DOCUME~1\Michu\USTAWI~1\Temp\pxtoypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB7983CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB7983BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB7984160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB798408A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB7983782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB7983C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB79836C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB7983726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB7983DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB798422E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB7983D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB7983EE6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7990BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB79909D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB7990B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B798DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP B79909D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B7990BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B798C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805B52F0 7 Bytes JMP B7990B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB955D380, 0x300F77, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\nvsvc32.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009C6390
.text C:\WINDOWS\system32\nvsvc32.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009C6640
.text C:\WINDOWS\system32\nvsvc32.exe[164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009C53D0
.text C:\WINDOWS\system32\nvsvc32.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009C5300
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C11C0
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C1290
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009C2570
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009C1000
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009C10A0
.text C:\WINDOWS\system32\nvsvc32.exe[164] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009C2510
.text C:\WINDOWS\system32\nvsvc32.exe[164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009C1D10
.text C:\WINDOWS\system32\nvsvc32.exe[164] WS2_32.dll!send 71A54C27 5 Bytes JMP 009C7250
.text C:\WINDOWS\system32\nvsvc32.exe[164] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 009C20A0
.text C:\WINDOWS\system32\nvsvc32.exe[164] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 009C23A0
.text C:\WINDOWS\system32\nvsvc32.exe[164] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 009C2160
.text C:\WINDOWS\system32\spoolsv.exe[776] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013F6390
.text C:\WINDOWS\system32\spoolsv.exe[776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013F6640
.text C:\WINDOWS\system32\spoolsv.exe[776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013F53D0
.text C:\WINDOWS\system32\spoolsv.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013F5300
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F11C0
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013F1290
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 013F2570
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 013F1000
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013F10A0
.text C:\WINDOWS\system32\spoolsv.exe[776] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013F2510
.text C:\WINDOWS\system32\spoolsv.exe[776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013F1D10
.text C:\WINDOWS\system32\spoolsv.exe[776] WS2_32.dll!send 71A54C27 5 Bytes JMP 013F7250
.text C:\WINDOWS\system32\spoolsv.exe[776] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 013F20A0
.text C:\WINDOWS\system32\spoolsv.exe[776] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 013F23A0
.text C:\WINDOWS\system32\spoolsv.exe[776] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 013F2160
.text C:\WINDOWS\system32\csrss.exe[916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012B6390
.text C:\WINDOWS\system32\csrss.exe[916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012B6640
.text C:\WINDOWS\system32\csrss.exe[916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012B53D0
.text C:\WINDOWS\system32\csrss.exe[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012B5300
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 012B11C0
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 012B1290
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 012B2570
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 012B1000
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012B10A0
.text C:\WINDOWS\system32\csrss.exe[916] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 012B2510
.text C:\WINDOWS\system32\csrss.exe[916] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012B1D10
.text C:\WINDOWS\system32\csrss.exe[916] WS2_32.dll!send 71A54C27 5 Bytes JMP 012B7250
.text C:\WINDOWS\system32\csrss.exe[916] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 012B20A0
.text C:\WINDOWS\system32\csrss.exe[916] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 012B23A0
.text C:\WINDOWS\system32\csrss.exe[916] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 012B2160
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A96390
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A96640
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A953D0
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A95300
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A911C0
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A91290
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01A92570
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01A91000
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01A910A0
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01A92510
.text C:\WINDOWS\system32\winlogon.exe[944] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A91D10
.text C:\WINDOWS\system32\winlogon.exe[944] WS2_32.dll!send 71A54C27 5 Bytes JMP 01A97250
.text C:\WINDOWS\system32\winlogon.exe[944] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 01A920A0
.text C:\WINDOWS\system32\winlogon.exe[944] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 01A923A0
.text C:\WINDOWS\system32\winlogon.exe[944] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01A92160
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012A6390
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012A6640
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012A53D0
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012A5300
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012A11C0
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012A1290
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 012A2570
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 012A1000
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012A10A0
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 012A2510
.text C:\WINDOWS\system32\services.exe[988] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012A1D10
.text C:\WINDOWS\system32\services.exe[988] WS2_32.dll!send 71A54C27 5 Bytes JMP 012A7250
.text C:\WINDOWS\system32\services.exe[988] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 012A20A0
.text C:\WINDOWS\system32\services.exe[988] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 012A23A0
.text C:\WINDOWS\system32\services.exe[988] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 012A2160
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B520A0
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B523A0
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B52160
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D26390
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D26640
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D253D0
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D25300
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D211C0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D21290
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D22570
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D21000
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D210A0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D22510
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D21D10
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D27250
.text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00D220A0
.text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00D223A0
.text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00D22160
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03286390
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03286640
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 032853D0
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03285300
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 032811C0
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03281290
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03282570
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03281000
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 032810A0
.text C:\WINDOWS\System32\svchost.exe[1272] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03282510
.text C:\WINDOWS\System32\svchost.exe[1272] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03281D10
.text C:\WINDOWS\System32\svchost.exe[1272] WS2_32.dll!send 71A54C27 5 Bytes JMP 03287250
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 032820A0
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 032823A0
.text C:\WINDOWS\System32\svchost.exe[1272] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 03282160
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00836390
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00836640
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008353D0
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00835300
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008311C0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00831290
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00832570
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00831000
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008310A0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00832510
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00831D10
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!send 71A54C27 5 Bytes JMP 00837250
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 008320A0
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 008323A0
.text C:\WINDOWS\system32\svchost.exe[1392] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00832160
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AB6390
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AB6640
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AB53D0
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AB5300
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB11C0
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB1290
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AB2570
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AB1000
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AB10A0
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AB2510
.text C:\WINDOWS\system32\svchost.exe[1420] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AB1D10
.text C:\WINDOWS\system32\svchost.exe[1420] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AB7250
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00AB20A0
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00AB23A0
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00AB2160
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 037D6390
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 037D6640
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 037D53D0
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 037D5300
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 037D11C0
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 037D1290
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 037D2570
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 037D1000
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 037D10A0
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 037D2510
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 037D1D10
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] ws2_32.dll!send 71A54C27 5 Bytes JMP 037D7250
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 037D20A0
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 037D23A0
.text C:\Documents and Settings\Michu\Dane aplikacji\System\Updates.exe[1460] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 037D2160
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B96390
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B96640
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B953D0
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B95300
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B911C0
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B91290
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B92570
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B91000
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B910A0
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B92510
.text C:\WINDOWS\system32\svchost.exe[1480] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B91D10
.text C:\WINDOWS\system32\svchost.exe[1480] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B97250
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B920A0
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B923A0
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B92160
.text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390
.text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640
.text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0
.text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0
.text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510
.text C:\WINDOWS\system32\ctfmon.exe[1560] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10
.text C:\WINDOWS\system32\ctfmon.exe[1560] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250
.text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00B520A0
.text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00B523A0
.text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00B52160
? C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: version.dllunknown module: wsock32.dllunknown module: oleaut32.dllunknown module: URLMON.DLLunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: winmm.dllunknown module: gdiplus.dllunknown module: msacm32.dllunknown module: SHFolder.dllunknown module: AVICAP32.DLL
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01116390
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01116640
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011153D0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01115300
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011111C0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01111290
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01112570
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01111000
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011110A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01112510
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01111D10
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] WS2_32.dll!send 71A54C27 5 Bytes JMP 01117250
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] wininet.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 011120A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] wininet.dll!InternetWriteFile 771E8E17 5 Bytes JMP 011123A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] wininet.dll!HttpSendRequestW 77203244 5 Bytes JMP 01112160
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE6390
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AE6640
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AE53D0
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AE5300
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE11C0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE1290
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AE2570
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AE1000
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AE10A0
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AE2510
.text C:\WINDOWS\system32\svchost.exe[1832] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 00AE20A0
.text C:\WINDOWS\system32\svchost.exe[1832] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 00AE23A0
.text C:\WINDOWS\system32\svchost.exe[1832] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00AE2160
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AE1D10
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AE7250
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 010C6390
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 010C6640
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010C53D0
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010C5300
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CreateFileA 7C801A28 3 Bytes JMP 010C11C0
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CreateFileA + 4 7C801A2C 1 Byte [84]
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CreateFileW 7C810800 3 Bytes JMP 010C1290
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CreateFileW + 4 7C810804 1 Byte [84]
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 010C2570
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 010C1000
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010C10A0
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 010C2510
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] wininet.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 010C20A0
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] wininet.dll!InternetWriteFile 771E8E17 5 Bytes JMP 010C23A0
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] wininet.dll!HttpSendRequestW 77203244 5 Bytes JMP 010C2160
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] WS2_32.DLL!GetAddrInfoW 71A52899 5 Bytes JMP 010C1D10
.text C:\Documents and Settings\Michu\Dane aplikacji\Svcdate\Svcd.exe[1924] WS2_32.DLL!send 71A54C27 5 Bytes JMP 010C7250
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 027A6390
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 027A6640
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 027A53D0
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 027A5300
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027A11C0
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027A1290
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 027A2570
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 027A1000
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 027A10A0
.text C:\WINDOWS\Explorer.EXE[1932] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 027A2510
.text C:\WINDOWS\Explorer.EXE[1932] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 027A20A0
.text C:\WINDOWS\Explorer.EXE[1932] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 027A23A0
.text C:\WINDOWS\Explorer.EXE[1932] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 027A2160
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 027A1D10
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!send 71A54C27 5 Bytes JMP 027A7250
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01656390
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01656640
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 016553D0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01655300
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016511C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01651290
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01652570
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01651000
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 016510A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01652510
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01651D10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WS2_32.dll!send 71A54C27 5 Bytes JMP 01657250
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 016520A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 016523A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 01652160
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe[2232] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160
.text C:\WINDOWS\System32\alg.exe[3268] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390
.text C:\WINDOWS\System32\alg.exe[3268] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640
.text C:\WINDOWS\System32\alg.exe[3268] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0
.text C:\WINDOWS\System32\alg.exe[3268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000A1290
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000A2570
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000A1000
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000A10A0
.text C:\WINDOWS\System32\alg.exe[3268] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000A2510
.text C:\WINDOWS\System32\alg.exe[3268] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\System32\alg.exe[3268] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\System32\alg.exe[3268] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\System32\alg.exe[3268] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 000A23A0
.text C:\WINDOWS\System32\alg.exe[3268] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 000A2160
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes
JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3480] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wuauclt.exe[3492] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\wuauclt.exe[3492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\wuauclt.exe[3492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\wuauclt.exe[3492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000B1000 .text 
C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\wuauclt.exe[3492] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000B2510 .text C:\WINDOWS\system32\wuauclt.exe[3492] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\wuauclt.exe[3492] WS2_32.dll!send 71A54C27 5 Bytes JMP 000B7250 .text C:\WINDOWS\system32\wuauclt.exe[3492] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\wuauclt.exe[3492] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 000B23A0 .text C:\WINDOWS\system32\wuauclt.exe[3492] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 000B2160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] 
WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 000A2160 .text C:\Program Files\Opera\Opera.exe[3788] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Opera\Opera.exe[3788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Opera\Opera.exe[3788] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Opera\Opera.exe[3788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\Opera\Opera.exe[3788] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Opera\Opera.exe[3788] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Opera\Opera.exe[3788] WININET.dll!HttpSendRequestA 771B60C1 5 Bytes JMP 001620A0 .text C:\Program Files\Opera\Opera.exe[3788] WININET.dll!InternetWriteFile 771E8E17 5 Bytes JMP 001623A0 .text C:\Program Files\Opera\Opera.exe[3788] WININET.dll!HttpSendRequestW 77203244 5 Bytes JMP 00162160 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [ADVAPI32.dll!CryptGetHashParam] [00401004] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [ADVAPI32.dll!CryptHashData] 6F420703 IAT 
C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [ADVAPI32.dll!CryptCreateHash] 61656C6F IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [ADVAPI32.dll!CryptAcquireContextA] 0000016E IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [ADVAPI32.dll!CryptDestroyHash] 00010000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 46050040 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetTickCount] 65736C61 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 75725404 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [00408D65] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [0040102C] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe 
[KERNEL32.dll!Sleep] 68430402 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!InterlockedExchange] 00017261 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!FindResourceA] FF000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!LoadResource] 90000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetFileType] [00401040] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetConsoleMode] 6E490701 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!SetErrorMode] 65676574 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetVersion] 00000472 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetCPInfo] FFFF8000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetCurrentProcessId] C08B7FFF IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia 
lokalne\Temp\svchost.exe [KERNEL32.dll!GetModuleFileNameA] [00401058] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!CreateFileMappingA] 79420401 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!MapViewOfFileEx] 00016574 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!CloseHandle] FF000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!UnmapViewOfFile] 90000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetFileAttributesA] [0040106C] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetModuleHandleA] 6F570401 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetProcAddress] 00036472 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetSystemDefaultLangID] FF000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and 
Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetConsoleOutputCP] 900000FF IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetLocaleInfoA] [00401080] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!FindFirstFileA] 61430801 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!FindNextFileA] 6E696472 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!FindClose] 00056C61 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!LoadLibraryExA] FF000000 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 90FFFFFF IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!TerminateProcess] [00401098] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!GetCurrentProcess] 7473060A IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents 
and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 676E6972 IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [004010A4] C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe (Microsoft® Resource File To COFF Object Conversion Utility/Microsoft Corporation) IAT C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe[1628] @ C:\Documents and Settings\Michu\Ustawienia lokalne\Temp\svchost.exe [KERNEL32.dll!IsDebuggerPresent] 69570A0B ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x21 0x08 0x7D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0x21 0x08 0x7D ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Gdryre C:\Documents and Settings\Michu\Dane aplikacji\Gdryre.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Michu\Dane aplikacji\Gdryre.exe adulti serbo Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31328 Zawiera kroki niezb?dne do dodania nowego programu lub zmiany albo usuni?cia programu istniej?cego. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31249 Przesy?a kopie zaznaczonych element?w do publicznej strony sieci Web, udost?pniaj?c je w ten spos?b innym osobom. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31253 Przenosi zaznaczone elementy do Kosza. Je?li zechcesz odzyska? je w p??niejszym czasie, przejd? do Kosza. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-28964 Wybrana zosta?a opcja wy?wietlania chronionych plik?w systemu operacyjnego (pliki z atrybutami Systemowy i Ukryty) w Eksploratorze Windows. S? to pliki wymagane do uruchamiania i pracy systemu Windows. Usuni?cie lub edycja tych plik?w mog? spowodowa? niemo?no?? korzystania z komputera. Czy na pewno chcesz wy?wietla? te pliki? Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\7zg067w9.exe 7zg067w9 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\inf\unregmp2.exe,-155 Odtwarza multimedia cyfrowe, na przyk?ad muzyk?, wideo, dyski CD oraz DVD a tak?e radio internetowe. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe Google Chrome Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe Microsoft? 
Silverlight Configuration Utility Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Michu\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\chff95j9.exe chff95j9 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Michu\Dane aplikacji\Gdryre.exe 262144 bytes executable ---- EOF - GMER 1.0.15 ----