GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-27 22:35:41 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9SA00 rev.MB4OC60R Running: 5ru9j688.exe; Driver: C:\DOCUME~1\ANTENKA\USTAWI~1\Temp\uxtorpog.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x53 0xFB 0xEF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x53 0xFB 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x53 0xFB 0xEF ... 
---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\alg.exe[3188] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wscntfy.exe[3704] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 000A2160 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00162160 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00162160 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00162160 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00162160 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00752160 .text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 007E2160 .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00842160 .text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 008E2160 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00962160 .text C:\WINDOWS\system32\ZoomingHook.exe[544] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00972160 .text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00982160 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00982160 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 009A2160 .text C:\WINDOWS\system32\TPSBattM.exe[1496] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 009B2160 .text C:\Program 
Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 009D2160 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 009D2160 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A22160 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A32160 .text C:\WINDOWS\system32\spoolsv.exe[1948] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A42160 .text C:\WINDOWS\system32\TODDSrv.exe[820] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A52160 .text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00A52160 .text C:\WINDOWS\AGRSMMSG.exe[948] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00BA2160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00C12160 .text C:\WINDOWS\system32\hkcmd.exe[824] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00C82160 .text C:\WINDOWS\Explorer.EXE[420] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00D02160 .text C:\WINDOWS\system32\igfxpers.exe[800] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00D02160 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00E32160 .text C:\WINDOWS\system32\igfxtray.exe[776] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00E72160 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00F52160 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00FD2160 .text C:\WINDOWS\system32\services.exe[1036] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01262160 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 012F2160 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] 
WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 01332160 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 018B2160 .text C:\WINDOWS\system32\winlogon.exe[992] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 019E2160 .text C:\WINDOWS\system32\wuauclt.exe[1572] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 02522160 .text C:\WINDOWS\system32\csrss.exe[964] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 02922160 .text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 02BE2160 .text C:\WINDOWS\RTHDCPL.EXE[700] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 03FD2160 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 06302160 .text C:\WINDOWS\System32\alg.exe[3188] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wscntfy.exe[3704] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 000A20A0 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 001620A0 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 001620A0 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 001620A0 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 001620A0 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 007520A0 .text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 007E20A0 .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 008420A0 .text C:\WINDOWS\system32\svchost.exe[728] 
WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 008E20A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009620A0 .text C:\WINDOWS\system32\ZoomingHook.exe[544] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009720A0 .text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009820A0 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009820A0 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009A20A0 .text C:\WINDOWS\system32\TPSBattM.exe[1496] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009B20A0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009D20A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 009D20A0 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A220A0 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\spoolsv.exe[1948] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A420A0 .text C:\WINDOWS\system32\TODDSrv.exe[820] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00A520A0 .text C:\WINDOWS\AGRSMMSG.exe[948] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00BA20A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\hkcmd.exe[824] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00C820A0 .text C:\WINDOWS\Explorer.EXE[420] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00D020A0 .text C:\WINDOWS\system32\igfxpers.exe[800] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00D020A0 .text 
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00E320A0 .text C:\WINDOWS\system32\igfxtray.exe[776] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00E720A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00F520A0 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00FD20A0 .text C:\WINDOWS\system32\services.exe[1036] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 012620A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 012F20A0 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 013320A0 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 018B20A0 .text C:\WINDOWS\system32\winlogon.exe[992] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 019E20A0 .text C:\WINDOWS\system32\wuauclt.exe[1572] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 025220A0 .text C:\WINDOWS\system32\csrss.exe[964] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 029220A0 .text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 02BE20A0 .text C:\WINDOWS\RTHDCPL.EXE[700] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 03FD20A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 063020A0 .text C:\WINDOWS\System32\alg.exe[3188] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wscntfy.exe[3704] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 000A23A0 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 001623A0 .text C:\Program Files\PC Connectivity 
Solution\Transports\NclMSBTSrv.exe[3124] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 001623A0 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 001623A0 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 007523A0 .text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 007E23A0 .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 008423A0 .text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 008E23A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009623A0 .text C:\WINDOWS\system32\ZoomingHook.exe[544] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009723A0 .text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009823A0 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009823A0 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009A23A0 .text C:\WINDOWS\system32\TPSBattM.exe[1496] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009B23A0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009D23A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 009D23A0 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A223A0 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A323A0 .text C:\WINDOWS\system32\spoolsv.exe[1948] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A423A0 .text 
C:\WINDOWS\system32\TODDSrv.exe[820] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A523A0 .text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00A523A0 .text C:\WINDOWS\AGRSMMSG.exe[948] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00BA23A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00C123A0 .text C:\WINDOWS\system32\hkcmd.exe[824] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00C823A0 .text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00D023A0 .text C:\WINDOWS\system32\igfxpers.exe[800] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00D023A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00E323A0 .text C:\WINDOWS\system32\igfxtray.exe[776] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00E723A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00F523A0 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 00FD23A0 .text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 012623A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 012F23A0 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 013323A0 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 018B23A0 .text C:\WINDOWS\system32\winlogon.exe[992] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 019E23A0 .text C:\WINDOWS\system32\wuauclt.exe[1572] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 025223A0 .text C:\WINDOWS\system32\csrss.exe[964] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 029223A0 .text C:\WINDOWS\System32\svchost.exe[1324] 
WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 02BE23A0 .text C:\WINDOWS\RTHDCPL.EXE[700] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 03FD23A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WININET.dll!InternetWriteFile 3FD660F6 5 Bytes JMP 063023A0 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\ANTENKA\Dane aplikacji\Dqgqgt.exe 483910 bytes ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\alg.exe[3188] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wscntfy.exe[3704] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00751D10 .text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007E1D10 .text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00841D10 .text C:\WINDOWS\system32\svchost.exe[728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008E1D10 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00961D10 .text C:\WINDOWS\system32\ZoomingHook.exe[544] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text C:\WINDOWS\system32\svchost.exe[128] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00981D10 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] WS2_32.dll!GetAddrInfoW 
71A52899 5 Bytes JMP 00981D10 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009A1D10 .text C:\WINDOWS\system32\TPSBattM.exe[1496] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009B1D10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009D1D10 .text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A21D10 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\spoolsv.exe[1948] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A41D10 .text C:\WINDOWS\system32\TODDSrv.exe[820] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\AGRSMMSG.exe[948] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BA1D10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\hkcmd.exe[824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C81D10 .text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D01D10 .text C:\WINDOWS\system32\igfxpers.exe[800] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D01D10 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E31D10 .text C:\WINDOWS\system32\igfxtray.exe[776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E71D10 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F51D10 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FD1D10 .text C:\WINDOWS\system32\services.exe[1036] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01261D10 .text 
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012F1D10 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01331D10 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 018B1D10 .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019E1D10 .text C:\WINDOWS\system32\wuauclt.exe[1572] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02521D10 .text C:\WINDOWS\system32\csrss.exe[964] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02921D10 .text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02BE1D10 .text C:\WINDOWS\RTHDCPL.EXE[700] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03FD1D10 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 06301D10 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WS2_32.dll!send 71A5428A 3 Bytes JMP 06307250 .text C:\WINDOWS\System32\alg.exe[3188] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wscntfy.exe[3704] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A7250 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] WS2_32.dll!send 71A5428A 5 Bytes JMP 00167250 .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!send 71A5428A 5 Bytes JMP 00757250 .text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!send 71A5428A 5 Bytes JMP 007E7250 .text C:\WINDOWS\system32\svchost.exe[1216] 
WS2_32.dll!send 71A5428A 5 Bytes JMP 00847250 .text C:\WINDOWS\system32\svchost.exe[728] WS2_32.dll!send 71A5428A 5 Bytes JMP 008E7250 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] WS2_32.dll!send 71A5428A 5 Bytes JMP 00967250 .text C:\WINDOWS\system32\ZoomingHook.exe[544] WS2_32.dll!send 71A5428A 5 Bytes JMP 00977250 .text C:\WINDOWS\system32\svchost.exe[128] WS2_32.dll!send 71A5428A 5 Bytes JMP 00987250 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] WS2_32.dll!send 71A5428A 5 Bytes JMP 00987250 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] WS2_32.dll!send 71A5428A 5 Bytes JMP 009A7250 .text C:\WINDOWS\system32\TPSBattM.exe[1496] WS2_32.dll!send 71A5428A 5 Bytes JMP 009B7250 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] WS2_32.dll!send 71A5428A 5 Bytes JMP 009D7250 .text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A27250 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\spoolsv.exe[1948] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A47250 .text C:\WINDOWS\system32\TODDSrv.exe[820] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A57250 .text C:\WINDOWS\AGRSMMSG.exe[948] WS2_32.dll!send 71A5428A 5 Bytes JMP 00BA7250 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C17250 .text C:\WINDOWS\system32\hkcmd.exe[824] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C87250 .text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D07250 .text C:\WINDOWS\system32\igfxpers.exe[800] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D07250 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E37250 .text C:\WINDOWS\system32\igfxtray.exe[776] WS2_32.dll!send 
71A5428A 5 Bytes JMP 00E77250 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F57250 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] WS2_32.dll!send 71A5428A 5 Bytes JMP 00FD7250 .text C:\WINDOWS\system32\services.exe[1036] WS2_32.dll!send 71A5428A 5 Bytes JMP 01267250 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] WS2_32.dll!send 71A5428A 5 Bytes JMP 012F7250 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] WS2_32.dll!send 71A5428A 5 Bytes JMP 01337250 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] WS2_32.dll!send 71A5428A 5 Bytes JMP 018B7250 .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!send 71A5428A 5 Bytes JMP 019E7250 .text C:\WINDOWS\system32\wuauclt.exe[1572] WS2_32.dll!send 71A5428A 5 Bytes JMP 02527250 .text C:\WINDOWS\system32\csrss.exe[964] WS2_32.dll!send 71A5428A 5 Bytes JMP 02927250 .text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!send 71A5428A 5 Bytes JMP 02BE7250 .text C:\WINDOWS\RTHDCPL.EXE[700] WS2_32.dll!send 71A5428A 5 Bytes JMP 03FD7250 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] WS2_32.dll!send + 4 71A5428E 1 Byte [94] .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text 
C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007511C0 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007E11C0 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008411C0 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E11C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009611C0 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009711C0 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009811C0 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009811C0 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009A11C0 .text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009B11C0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D11C0 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A211C0 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A411C0 .text C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A511C0 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BA11C0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\hkcmd.exe[824] 
kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C811C0 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D011C0 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D011C0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E311C0 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E711C0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F511C0 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FD11C0 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012611C0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012F11C0 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013311C0 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 018B11C0 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 019E11C0 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 025211C0 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 029211C0 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02BE11C0 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03FD11C0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 063011C0 .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 
000A1290 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00161290 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00751290 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007E1290 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00841290 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008E1290 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00961290 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00971290 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00981290 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00981290 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009A1290 .text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009B1290 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009D1290 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009D1290 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A21290 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A31290 .text 
C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A41290 .text C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A51290 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BA1290 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\hkcmd.exe[824] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C81290 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D01290 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D01290 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E31290 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E71290 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F51290 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FD1290 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01261290 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 012F1290 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01331290 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 018B1290 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 019E1290 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02521290 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!CreateFileW 7C810770 5 Bytes JMP 02921290 .text 
C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02BE1290 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 03FD1290 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 06301290 .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 000A2570 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00162570 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00752570 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007E2570 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00842570 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 008E2570 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00962570 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00972570 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00982570 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00982570 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009A2570 
.text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009B2570 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009D2570 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 009D2570 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A22570 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A42570 .text C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00A52570 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00BA2570 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\hkcmd.exe[824] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00C82570 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00D02570 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00D02570 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00E32570 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00E72570 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00F52570 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00FD2570 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01262570 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 012F2570 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] 
kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 01332570 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 018B2570 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 019E2570 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 02522570 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!MoveFileW 7C821271 5 Bytes JMP 02922570 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 02BE2570 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 03FD2570 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 06302570 .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 000A1000 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00161000 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00751000 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007E1000 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00841000 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 008E1000 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] 
kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00961000 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00971000 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00981000 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00981000 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009A1000 .text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009B1000 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009D1000 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 009D1000 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A21000 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A41000 .text C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00A51000 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00BA1000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\hkcmd.exe[824] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00C81000 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00D01000 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00D01000 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00E31000 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00E71000 .text C:\Program 
Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00F51000 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00FD1000 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01261000 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 012F1000 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 01331000 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 018B1000 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 019E1000 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 02521000 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!CopyFileA 7C8286FE 5 Bytes JMP 02921000 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 02BE1000 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 03FD1000 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 06301000 .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 000A10A0 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 001610A0 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 
001610A0 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007510A0 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007E10A0 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008410A0 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008E10A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009610A0 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009710A0 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009810A0 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009810A0 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009A10A0 .text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009B10A0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009D10A0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 009D10A0 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A210A0 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A410A0 .text C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00A510A0 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00BA10A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\hkcmd.exe[824] kernel32.dll!CopyFileW 
7C82F88F 5 Bytes JMP 00C810A0 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00D010A0 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00D010A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00E310A0 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00E710A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00F510A0 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00FD10A0 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 012610A0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 012F10A0 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 013310A0 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 018B10A0 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 019E10A0 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 025210A0 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!CopyFileW 7C82F88F 5 Bytes JMP 029210A0 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 02BE10A0 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 03FD10A0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 063010A0 .text C:\WINDOWS\System32\alg.exe[3188] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wscntfy.exe[3704] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 000A2510 .text C:\Program Files\PC Connectivity 
Solution\ServiceLayer.exe[2924] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00162510 .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00752510 .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007E2510 .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00842510 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 008E2510 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00962510 .text C:\WINDOWS\system32\ZoomingHook.exe[544] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00972510 .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00982510 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00982510 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009A2510 .text C:\WINDOWS\system32\TPSBattM.exe[1496] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009B2510 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009D2510 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 009D2510 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A22510 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\spoolsv.exe[1948] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A42510 .text 
C:\WINDOWS\system32\TODDSrv.exe[820] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00A52510 .text C:\WINDOWS\AGRSMMSG.exe[948] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00BA2510 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\hkcmd.exe[824] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00C82510 .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00D02510 .text C:\WINDOWS\system32\igfxpers.exe[800] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00D02510 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00E32510 .text C:\WINDOWS\system32\igfxtray.exe[776] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00E72510 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00F52510 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00FD2510 .text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01262510 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 012F2510 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 01332510 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 018B2510 .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 019E2510 .text C:\WINDOWS\system32\wuauclt.exe[1572] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 02522510 .text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!MoveFileA 7C835ED7 5 Bytes JMP 02922510 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 02BE2510 .text C:\WINDOWS\RTHDCPL.EXE[700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 
03FD2510 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 06302510 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00] .text C:\WINDOWS\System32\alg.exe[3188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wscntfy.exe[3704] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00756390 .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007E6390 .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00846390 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008E6390 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00966390 .text C:\WINDOWS\system32\ZoomingHook.exe[544] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00976390 .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00986390 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00986390 .text C:\Program 
Files\TOSHIBA\TouchPad\TPTray.exe[560] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009A6390 .text C:\WINDOWS\system32\TPSBattM.exe[1496] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009B6390 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009D6390 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009D6390 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A26390 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A46390 .text C:\WINDOWS\system32\TODDSrv.exe[820] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A56390 .text C:\WINDOWS\AGRSMMSG.exe[948] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BA6390 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\hkcmd.exe[824] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C86390 .text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D06390 .text C:\WINDOWS\system32\igfxpers.exe[800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D06390 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E36390 .text C:\WINDOWS\system32\igfxtray.exe[776] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E76390 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F56390 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00FD6390 .text C:\WINDOWS\system32\services.exe[1036] 
ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01266390 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012F6390 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01336390 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 018B6390 .text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019E6390 .text C:\WINDOWS\system32\wuauclt.exe[1572] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02526390 .text C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02926390 .text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02BE6390 .text C:\WINDOWS\RTHDCPL.EXE[700] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03FD6390 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 06306390 .text C:\WINDOWS\System32\alg.exe[3188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wscntfy.exe[3704] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00756640 
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007E6640 .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00846640 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008E6640 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00966640 .text C:\WINDOWS\system32\ZoomingHook.exe[544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00976640 .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00986640 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00986640 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009A6640 .text C:\WINDOWS\system32\TPSBattM.exe[1496] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009B6640 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009D6640 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009D6640 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A26640 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A46640 .text C:\WINDOWS\system32\TODDSrv.exe[820] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A56640 .text C:\WINDOWS\AGRSMMSG.exe[948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BA6640 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text 
C:\WINDOWS\system32\hkcmd.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C86640 .text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D06640 .text C:\WINDOWS\system32\igfxpers.exe[800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D06640 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E36640 .text C:\WINDOWS\system32\igfxtray.exe[776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E76640 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F56640 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00FD6640 .text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01266640 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012F6640 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01336640 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 018B6640 .text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019E6640 .text C:\WINDOWS\system32\wuauclt.exe[1572] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02526640 .text C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02926640 .text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02BE6640 .text C:\WINDOWS\RTHDCPL.EXE[700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03FD6640 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 06306640 .text C:\WINDOWS\System32\alg.exe[3188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wscntfy.exe[3704] 
ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007553D0 .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007E53D0 .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008453D0 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008E53D0 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009653D0 .text C:\WINDOWS\system32\ZoomingHook.exe[544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009753D0 .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009853D0 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009853D0 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009A53D0 .text C:\WINDOWS\system32\TPSBattM.exe[1496] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009B53D0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009D53D0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009D53D0 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtResumeThread 7C90DB3E 5 
Bytes JMP 00A253D0 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A453D0 .text C:\WINDOWS\system32\TODDSrv.exe[820] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A553D0 .text C:\WINDOWS\AGRSMMSG.exe[948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BA53D0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\hkcmd.exe[824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C853D0 .text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D053D0 .text C:\WINDOWS\system32\igfxpers.exe[800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D053D0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E353D0 .text C:\WINDOWS\system32\igfxtray.exe[776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E753D0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F553D0 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00FD53D0 .text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012653D0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1444] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012F53D0 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013353D0 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 018B53D0 .text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019E53D0 .text C:\WINDOWS\system32\wuauclt.exe[1572] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 025253D0 .text 
C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 029253D0 .text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02BE53D0 .text C:\WINDOWS\RTHDCPL.EXE[700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03FD53D0 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 063053D0 .text C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!LdrLoadDll 7C915CD3 3 Bytes JMP 02925300 .text C:\WINDOWS\System32\alg.exe[3188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wscntfy.exe[3704] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4092] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A5300 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2924] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3124] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3344] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\Documents and Settings\ANTENKA\Pulpit\5ru9j688.exe[3448] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00165300 .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00755300 .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007E5300 .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00845300 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 008E5300 .text C:\Program Files\Bonjour\mDNSResponder.exe[252] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00965300 .text C:\WINDOWS\system32\ZoomingHook.exe[544] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00975300 .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00985300 .text C:\WINDOWS\system32\TCtrlIOHook.exe[676] 
ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00985300 .text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[560] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009A5300 .text C:\WINDOWS\system32\TPSBattM.exe[1496] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009B5300 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009D5300 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[624] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009D5300 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A25300 .text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A45300 .text C:\WINDOWS\system32\TODDSrv.exe[820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A55300 .text C:\WINDOWS\AGRSMMSG.exe[948] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00BA5300 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1372] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\hkcmd.exe[824] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C85300 .text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00D05300 .text C:\WINDOWS\system32\igfxpers.exe[800] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00D05300 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E35300 .text C:\WINDOWS\system32\igfxtray.exe[776] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E75300 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[484] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00F55300 .text C:\PROGRA~1\MI3AA1~1\wcescomm.exe[1576] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00FD5300 .text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01265300 .text C:\Program 
Files\Intel\Wireless\Bin\S24EvMon.exe[1444] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 012F5300 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01335300 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1656] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 018B5300 .text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 019E5300 .text C:\WINDOWS\system32\wuauclt.exe[1572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 02525300 .text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 02BE5300 .text C:\WINDOWS\RTHDCPL.EXE[700] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 03FD5300 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 06305300 .text C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!LdrLoadDll + 4 7C915CD7 1 Byte [86] ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Dqgqgt C:\Documents and Settings\ANTENKA\Dane aplikacji\Dqgqgt.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\ANTENKA\Dane aplikacji\Dqgqgt.exe Dqgqgt ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\ComboFix\WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe Samorozpakowujący się plik typu .cab Win32 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@netshell.dll,-12001 Uruchamia Kreatora nowego połączenia, który pomaga utworzyć połączenie z Internetem, z innym komputerem lub z siecią w miejscu pracy. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-28964 Wybrana została opcja wyświetlania chronionych plików systemu operacyjnego (pliki z atrybutami Systemowy i Ukryty) w Eksploratorze Windows. Są to pliki wymagane do uruchamiania i pracy systemu Windows. Usunięcie lub edycja tych plików mogą 
spowodować niemożność korzystania z komputera. Czy na pewno chcesz wyświetlać te pliki? ---- EOF - GMER 1.0.15 ----