GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-08 22:08:00 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\0000005e WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB Running: f2to9wlf.exe; Driver: C:\DOCUME~1\KRZYSI~1\USTAWI~1\Temp\kwndrpob.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xB3E3F160] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xB3E3E868] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xB3E3B320] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xB3E3DE90] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xB3E3DD9C] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xB3E3E3FC] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xB3E3F210] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xB3E3B786] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xB3E3B846] SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xBA1DA01C] SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xBA1DA168] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xB3E3EB54] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xB3E3B5CA] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xB3E3E4EC] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xB3E3EE8C] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xB3E3B9BC] SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xB3E3EDE0] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C70 80504568 4 Bytes [68, E8, E3, B3] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9075360, 0x34CDBF, 0xE8000020] ---- User code sections - GMER 2.0 ---- .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\Explorer.EXE[592] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\Explorer.EXE[592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\Explorer.EXE[592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetConnectA 3FD0DEBE 5 Bytes JMP 00080F54 .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetConnectW 3FD0F872 5 Bytes JMP 00080FE0 .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 00080D24 .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 00080DB0 .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 00080E3C .text C:\WINDOWS\Explorer.EXE[592] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 00080EC8 .text C:\WINDOWS\Explorer.EXE[592] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\Explorer.EXE[592] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\Explorer.EXE[592] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\RUNDLL32.EXE[816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\RUNDLL32.EXE[816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\WINDOWS\RTHDCPL.EXE[828] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\WINDOWS\RTHDCPL.EXE[828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\WINDOWS\RTHDCPL.EXE[828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!WinExec 7C862585 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[1012] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[1012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!socket 71A54211 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!bind 71A54480 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[1012] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[1056] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\lsass.exe[1076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\lsass.exe[1076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[1076] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\lsass.exe[1076] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\lsass.exe[1076] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[1356] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[1356] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\ctfmon.exe[1356] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Documents and Settings\Krzysiekk\Moje dokumenty\Downloads\f2to9wlf.exe[1384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1460] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1460] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1460] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1460] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetConnectA 3FD0DEBE 5 Bytes JMP 00080F54 .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetConnectW 3FD0F872 5 Bytes JMP 00080FE0 .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 00080D24 .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 00080DB0 .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 00080E3C .text C:\WINDOWS\System32\svchost.exe[1460] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1824] WS2_32.dll!socket 71A54211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1824] WS2_32.dll!bind 71A54480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1824] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00080950 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[1952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WS2_32.dll!socket 71A54211 5 Bytes JMP 001308C4 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WS2_32.dll!bind 71A54480 5 Bytes JMP 00130838 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00130950 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetConnectA 3FD0DEBE 5 Bytes JMP 00130F54 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetConnectW 3FD0F872 5 Bytes JMP 00130FE0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 00130D24 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 00130DB0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 00130E3C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2064] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 00130EC8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BE32 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BEA3 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BFD1 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, E8, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CF56 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CFC7 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D0F5 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, F9, 00] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0013057C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0013034C .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00130464 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00130608 .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateThread 7C810707 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateProcessInternalW 7C819EA8 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!CreateProcessInternalA 7C81DC46 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!WinExec 7C862585 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\wscntfy.exe[3772] kernel32.dll!SetThreadContext 7C863C81 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\wscntfy.exe[3772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\wscntfy.exe[3772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00FE0010 IAT C:\Documents and Settings\Krzysiekk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2732] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01100010 ---- EOF - GMER 2.0 ----