GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-07 20:42:21 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340016A rev.3.75 Running: 7kofhgbc.exe; Driver: C:\DOCUME~1\ADMIN\USTAWI~1\Temp\axtorpod.sys ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\alg.exe[468] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009C6390 .text C:\WINDOWS\System32\alg.exe[468] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009C6640 .text C:\WINDOWS\System32\alg.exe[468] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009C53D0 .text C:\WINDOWS\System32\alg.exe[468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009C5300 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C11C0 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C1290 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009C2570 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009C1000 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 009C10A0 .text C:\WINDOWS\System32\alg.exe[468] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 009C2510 .text C:\WINDOWS\System32\alg.exe[468] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009C1D10 .text C:\WINDOWS\System32\alg.exe[468] WS2_32.dll!send 71A54C27 5 Bytes JMP 009C7250 .text C:\WINDOWS\System32\alg.exe[468] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 009C2160 .text C:\WINDOWS\System32\alg.exe[468] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 009C20A0 .text C:\WINDOWS\System32\alg.exe[468] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 009C23A0 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011A6390 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011A6640 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011A53D0 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 011A5300 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011A11C0 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011A1290 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 011A2570 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 011A1000 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 011A10A0 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 011A2510 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011A1D10 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] WS2_32.dll!send 71A54C27 5 Bytes JMP 011A7250 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 011A2160 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 011A20A0 .text C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe[608] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 011A23A0 .text C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A66390 .text C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A66640 .text C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A653D0 .text C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A65300 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A611C0 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A61290 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A62570 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A61000 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00A610A0 .text C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00A62510 .text C:\WINDOWS\system32\ctfmon.exe[628] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A61D10 .text C:\WINDOWS\system32\ctfmon.exe[628] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A67250 .text C:\WINDOWS\system32\ctfmon.exe[628] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00A62160 .text C:\WINDOWS\system32\ctfmon.exe[628] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00A620A0 .text C:\WINDOWS\system32\ctfmon.exe[628] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00A623A0 .text C:\WINDOWS\system32\wscntfy.exe[728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BB6390 .text C:\WINDOWS\system32\wscntfy.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BB6640 .text C:\WINDOWS\system32\wscntfy.exe[728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BB53D0 .text C:\WINDOWS\system32\wscntfy.exe[728] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00BB5300 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB11C0 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB1290 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BB2570 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BB1000 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00BB10A0 .text C:\WINDOWS\system32\wscntfy.exe[728] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00BB2510 .text C:\WINDOWS\system32\wscntfy.exe[728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BB1D10 .text C:\WINDOWS\system32\wscntfy.exe[728] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BB7250 .text C:\WINDOWS\system32\wscntfy.exe[728] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00BB2160 .text C:\WINDOWS\system32\wscntfy.exe[728] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00BB20A0 .text C:\WINDOWS\system32\wscntfy.exe[728] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00BB23A0 .text C:\WINDOWS\system32\csrss.exe[800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01186390 .text C:\WINDOWS\system32\csrss.exe[800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01186640 .text C:\WINDOWS\system32\csrss.exe[800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011853D0 .text C:\WINDOWS\system32\csrss.exe[800] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01185300 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 011811C0 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 01181290 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 01182570 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01181000 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!CopyFileW 7C82F84B 5 Bytes JMP 011810A0 .text C:\WINDOWS\system32\csrss.exe[800] KERNEL32.dll!MoveFileA 7C835E8F 5 Bytes JMP 01182510 .text C:\WINDOWS\system32\csrss.exe[800] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01181D10 .text C:\WINDOWS\system32\csrss.exe[800] WS2_32.dll!send 71A54C27 5 Bytes JMP 01187250 .text C:\WINDOWS\system32\csrss.exe[800] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 01182160 .text C:\WINDOWS\system32\csrss.exe[800] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 011820A0 .text C:\WINDOWS\system32\csrss.exe[800] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 011823A0 .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01356390 .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01356640 .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013553D0 .text C:\WINDOWS\system32\winlogon.exe[824] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01355300 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013511C0 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01351290 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01352570 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01351000 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 013510A0 .text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 01352510 .text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01351D10 .text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!send 71A54C27 5 Bytes JMP 01357250 .text C:\WINDOWS\system32\winlogon.exe[824] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 01352160 .text C:\WINDOWS\system32\winlogon.exe[824] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 013520A0 .text C:\WINDOWS\system32\winlogon.exe[824] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 013523A0 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 001610A0 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00162510 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00162160 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 001620A0 .text C:\Documents and Settings\ADMIN\Pulpit\7kofhgbc.exe[844] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B96390 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B96640 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B953D0 .text C:\WINDOWS\system32\services.exe[868] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00B95300 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B911C0 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B91290 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B92570 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B91000 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00B910A0 .text C:\WINDOWS\system32\services.exe[868] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00B92510 .text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B91D10 .text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B97250 .text C:\WINDOWS\system32\services.exe[868] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00B92160 .text C:\WINDOWS\system32\services.exe[868] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00B920A0 .text C:\WINDOWS\system32\services.exe[868] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00B923A0 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E96390 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E96640 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E953D0 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E95300 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E911C0 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E91290 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E92570 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E91000 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00E910A0 .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00E92510 .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E91D10 .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E97250 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00E92160 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00E920A0 .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00E923A0 .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00C12160 .text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00C123A0 .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 037E6390 .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 037E6640 .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 037E53D0 .text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 037E5300 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 037E11C0 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 037E1290 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 037E2570 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 037E1000 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 037E10A0 .text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 037E2510 .text C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 037E1D10 .text C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!send 71A54C27 5 Bytes JMP 037E7250 .text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 037E2160 .text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 037E20A0 .text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 037E23A0 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C96390 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C96640 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C953D0 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C95300 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C911C0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C91290 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C92570 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C91000 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00C910A0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00C92510 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C91D10 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C97250 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00C92160 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00C920A0 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00C923A0 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01516390 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01516640 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015153D0 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01515300 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015111C0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01511290 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01512570 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01511000 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 015110A0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 01512510 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01511D10 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!send 71A54C27 5 Bytes JMP 01517250 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 01512160 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 015120A0 .text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 015123A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00156390 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00156640 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001553D0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00155300 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00151290 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00152570 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00151000 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 001510A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00152510 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] wininet.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00152160 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] wininet.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 001520A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] wininet.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 001523A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[1384] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\Program Files\Opera\Opera.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Opera\Opera.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Opera\Opera.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Opera\Opera.exe[1412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\Program Files\Opera\Opera.exe[1412] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Opera\Opera.exe[1412] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Opera\Opera.exe[1412] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00162160 .text C:\Program Files\Opera\Opera.exe[1412] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 001620A0 .text C:\Program Files\Opera\Opera.exe[1412] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 001623A0 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0D726390 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0D726640 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0D7253D0 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0D725300 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0D7211C0 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0D721290 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0D722570 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0D721000 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 0D7210A0 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 0D722510 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 0D721D10 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] WS2_32.dll!send 71A54C27 5 Bytes JMP 0D727250 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 0D722160 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 0D7220A0 .text C:\Program Files\Windows Media Player\wmplayer.exe[1432] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 0D7223A0 .text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02646390 .text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02646640 .text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 026453D0 .text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 02645300 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026411C0 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02641290 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02642570 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02641000 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 026410A0 .text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 02642510 .text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 02642160 .text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 026420A0 .text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 026423A0 .text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02641D10 .text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!send 71A54C27 5 Bytes JMP 02647250 .text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E16390 .text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E16640 .text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E153D0 .text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E15300 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E111C0 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E11290 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E12570 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E11000 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00E110A0 .text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00E12510 .text C:\WINDOWS\system32\spoolsv.exe[1772] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11D10 .text C:\WINDOWS\system32\spoolsv.exe[1772] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E17250 .text C:\WINDOWS\system32\spoolsv.exe[1772] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00E12160 .text C:\WINDOWS\system32\spoolsv.exe[1772] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00E120A0 .text C:\WINDOWS\system32\spoolsv.exe[1772] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00E123A0 .text C:\WINDOWS\system32\acs.exe[1812] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02DD6390 .text C:\WINDOWS\system32\acs.exe[1812] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02DD6640 .text C:\WINDOWS\system32\acs.exe[1812] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02DD53D0 .text C:\WINDOWS\system32\acs.exe[1812] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 02DD5300 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02DD11C0 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02DD1290 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02DD2570 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02DD1000 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 02DD10A0 .text C:\WINDOWS\system32\acs.exe[1812] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 02DD2510 .text C:\WINDOWS\system32\acs.exe[1812] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02DD1D10 .text C:\WINDOWS\system32\acs.exe[1812] WS2_32.dll!send 71A54C27 5 Bytes JMP 02DD7250 .text C:\WINDOWS\system32\acs.exe[1812] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 02DD2160 .text C:\WINDOWS\system32\acs.exe[1812] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 02DD20A0 .text C:\WINDOWS\system32\acs.exe[1812] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 02DD23A0 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C26390 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C26640 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C253D0 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C25300 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C21290 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C22570 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C21000 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00C210A0 .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00C22510 .text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00C22160 .text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00C220A0 .text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00C223A0 .text C:\WINDOWS\system32\svchost.exe[1864] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10 .text C:\WINDOWS\system32\svchost.exe[1864] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C27250 .text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F66390 .text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F66640 .text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F653D0 .text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00F65300 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F611C0 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F61290 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F62570 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F61000 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00F610A0 .text C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00F62510 .text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F61D10 .text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F67250 .text C:\WINDOWS\System32\svchost.exe[2544] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00F62160 .text C:\WINDOWS\System32\svchost.exe[2544] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00F620A0 .text C:\WINDOWS\System32\svchost.exe[2544] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00F623A0 .text C:\WINDOWS\system32\msiexec.exe[2920] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BB6390 .text C:\WINDOWS\system32\msiexec.exe[2920] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BB6640 .text C:\WINDOWS\system32\msiexec.exe[2920] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BB53D0 .text C:\WINDOWS\system32\msiexec.exe[2920] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00BB5300 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB11C0 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB1290 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BB2570 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BB1000 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 00BB10A0 .text C:\WINDOWS\system32\msiexec.exe[2920] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00BB2510 .text C:\WINDOWS\system32\msiexec.exe[2920] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BB1D10 .text C:\WINDOWS\system32\msiexec.exe[2920] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BB7250 .text C:\WINDOWS\system32\msiexec.exe[2920] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00BB2160 .text C:\WINDOWS\system32\msiexec.exe[2920] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 00BB20A0 .text C:\WINDOWS\system32\msiexec.exe[2920] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 00BB23A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00156390 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00156640 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001553D0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00155300 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] ntdll.dll!DbgUiRemoteBreakin 7C951E63 5 Bytes JMP 7C81CB12 C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00151290 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00152570 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00151000 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!CopyFileW 7C82F84B 5 Bytes JMP 001510A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] kernel32.dll!MoveFileA 7C835E8F 5 Bytes JMP 00152510 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] WININET.dll!HttpSendRequestW 3FD0FB9E 5 Bytes JMP 00152160 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] WININET.dll!HttpSendRequestA 3FD1EEB9 5 Bytes JMP 001520A0 .text C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe[3644] WININET.dll!InternetWriteFile 3FD660EE 5 Bytes JMP 001523A0 ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Fdbabf C:\Documents and Settings\ADMIN\Dane aplikacji\Fdbabf.exe ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\ADMIN\Dane aplikacji\Fdbabf.exe 168030 bytes executable File C:\Documents and Settings\ADMIN\Pulpit\ggsetup.exe (size mismatch) 2032940/2992756 bytes executable ---- EOF - GMER 1.0.15 ----