GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-15 15:08:40 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 SAMSUNG_HD502HJ rev.1AJ10001 Running: 90qp6pnt.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\pgtdapob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAABA34B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xAABA37F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAABA3AB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xAABA35D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xAABA38B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xAABA3350] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xAABA3410] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAABA3570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xAABA3630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAABA3530] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAABA34F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAABA3670] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xAABA3870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAABA33B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAABA3430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xAABA3830] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xAABA3370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAABA3470] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAABA35F0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [B0, 33, BA, AA, 30, 34, BA, ...] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB74A7000, 0x2C28EE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[260] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[260] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[260] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[464] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\svchost.exe[464] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\svchost.exe[464] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text E:\Program Files\ESET\ESET Smart Security\ekrn.exe[528] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text E:\Program Files\ESET\ESET Smart Security\ekrn.exe[528] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text E:\Program Files\ESET\ESET Smart Security\ekrn.exe[528] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text E:\Program Files\ESET\ESET Smart Security\ekrn.exe[528] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc E:\Program Files\ESET\ESET Smart Security\ekrn.exe[528] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\spoolsv.exe[564] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\spoolsv.exe[564] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\WINDOWS\system32\spoolsv.exe[564] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\spoolsv.exe[564] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, F7, 00, FF, E0, ...] {MOV EAX, 0xf71057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[772] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[772] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Java\jre6\bin\jqs.exe[816] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\Java\jre6\bin\jqs.exe[816] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\Program Files\Java\jre6\bin\jqs.exe[816] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Java\jre6\bin\jqs.exe[816] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 1A, 02, FF, E0, ...] {MOV EAX, 0x21a1057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[848] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\Explorer.EXE[848] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe[960] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe[960] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe[960] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe[960] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text E:\Program Files\ESET\ESET Smart Security\egui.exe[1108] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text E:\Program Files\ESET\ESET Smart Security\egui.exe[1108] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc E:\Program Files\ESET\ESET Smart Security\egui.exe[1108] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\winlogon.exe[1148] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\winlogon.exe[1148] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\winlogon.exe[1148] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\services.exe[1192] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\services.exe[1192] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\services.exe[1192] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\lsass.exe[1204] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\lsass.exe[1204] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\lsass.exe[1204] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1408] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1408] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\WINDOWS\system32\svchost.exe[1464] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1464] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\svchost.exe[1552] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\svchost.exe[1552] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\PnkBstrA.exe[1680] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\PnkBstrA.exe[1680] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\WINDOWS\system32\PnkBstrA.exe[1680] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\PnkBstrA.exe[1680] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[1696] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\svchost.exe[1696] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\WINDOWS\System32\svchost.exe[1696] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\svchost.exe[1696] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1784] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1784] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1784] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\WINDOWS\system32\svchost.exe[1936] c:\windows\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\svchost.exe[1936] c:\windows\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2096] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2096] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\wbem\wmiapsrv.exe[2096] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2112] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2112] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2112] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[2284] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\svchost.exe[2284] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\svchost.exe[2284] C:\WINDOWS\System32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2600] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2600] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2600] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2600] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\system32\SearchIndexer.exe[3124] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[3124] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\system32\SearchIndexer.exe[3124] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\system32\SearchIndexer.exe[3124] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\WINDOWS\System32\alg.exe[3272] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\WINDOWS\System32\alg.exe[3272] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\WINDOWS\System32\alg.exe[3272] C:\WINDOWS\System32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3320] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3320] WS2_32.dll!connect 71A54A07 8 Bytes [B8, 4C, 13, 00, 10, FF, E0, ...] {MOV EAX, 0x1000134c; JMP EAX; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3320] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3320] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] WS2_32.dll!socket 71A54211 9 Bytes [B8, 57, 10, 00, 10, FF, E0, ...] {MOV EAX, 0x10001057; JMP EAX; NOP ; NOP } .text C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71A51000, 0x12153, 0xE0000020] .reloc C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] C:\WINDOWS\system32\WS2_32.dll section is executable [0x71A66000, 0x1DC8, 0xE0000040] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2376] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2384] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2428] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3756] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) Device \Driver\USB_RNDIS \Device\{834A4880-42DF-4570-BE20-D101FF0538F5} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x59 0x85 0x92 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0x4C 0xB3 0x9C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0xB1 0x8A 0x9A ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC5F6FF803E4B3E49B1502C4AA2A17A6\Usage@smartwebprinting.msm 1078920561 ---- EOF - GMER 1.0.15 ----