GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-06 14:32:28
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\0000005d ST3320620AS rev.3.AAK
Running: 454353.exe; Driver: C:\DOCUME~1\Waldek\USTAWI~1\Temp\kfwdifob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB93C5360, 0x35DA8D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[164] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2001D268
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2001D583
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2001D872
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!send 71A54C27 5 Bytes JMP 2001D21A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2001D6D6
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2001D51E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2001D5EE
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2001D7A1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[228] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2001D65F
.text C:\WINDOWS\TBPanel.exe[272] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\TBPanel.exe[272] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\TBPanel.exe[272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\TBPanel.exe[272] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[316] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\Rundll32.exe[412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\Rundll32.exe[412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\Rundll32.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\Rundll32.exe[412] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2001DF3E
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2001E99E
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2001E9CB
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2001E8E3
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2001E5C4
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2001DEAA
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2001E9F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2001DE1E
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2001DF11
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2001DEDF
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2001E7C8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2001E721
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2001EA1F
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[420] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2001DE64
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\RUNDLL32.EXE[452] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\RUNDLL32.EXE[452] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\RUNDLL32.EXE[452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\RUNDLL32.EXE[452] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[476] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[492] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[520] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\!!!rootkis\454353.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\!!!rootkis\454353.exe[556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\!!!rootkis\454353.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\!!!rootkis\454353.exe[556] user32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2001DF3E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2001E99E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2001E9CB
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2001E8E3
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2001E5C4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2001DEAA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2001E9F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2001DE1E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2001DF11
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2001DEDF
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2001E7C8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2001E721
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2001EA1F
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[584] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2001DE64
? C:\WINDOWS\System32\smss.exe[608] time/date stamp mismatch;
.text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[624] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\system32\csrss.exe[660] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\csrss.exe[660] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
? C:\WINDOWS\system32\winlogon.exe[684] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\services.exe[728] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\services.exe[728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\services.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\services.exe[728] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\WINDOWS\system32\ctfmon.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\ctfmon.exe[808] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\ctfmon.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\ctfmon.exe[808] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\system32\svchost.exe[908] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\svchost.exe[956] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1000] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1000] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1000] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\System32\svchost.exe[1052] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2004DF3E
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2004E99E
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2004E9CB
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2004E8E3
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2004E5C4
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2004DEAA
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2004E9F8
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2004DE1E
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2004DF11
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2004DEDF
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2004E7C8
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2004E721
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2004EA1F
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2004DE64
? C:\WINDOWS\system32\svchost.exe[1172] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
? C:\WINDOWS\system32\svchost.exe[1188] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\system32\svchost.exe[1248] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2004DF3E
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2004E99E
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2004E9CB
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2004E8E3
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2004E5C4
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2004DEAA
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2004E9F8
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2004DE1E
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2004DF11
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2004DEDF
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2004E7C8
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2004E721
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2004EA1F
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2004DE64
.text C:\WINDOWS\system32\CTsvcCDA.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\CTsvcCDA.exe[1260] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\CTsvcCDA.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1260] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\system32\spoolsv.exe[1416] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2001D268
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2001D583
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2001D872
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!send 71A54C27 5 Bytes JMP 2001D21A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2001D6D6
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2001D51E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2001D5EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2001D7A1
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2001D65F
.text C:\Program Files\Java\jre6\bin\jqs.exe[1548] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\System32\svchost.exe[1564] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\System32\svchost.exe[1564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\System32\svchost.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\System32\svchost.exe[1564] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1596] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1596] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
? C:\WINDOWS\Explorer.EXE[1692] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\WINDOWS\Explorer.EXE[1692] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2004DF3E
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2004E99E
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2004E9CB
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2004E8E3
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2004E5C4
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2004DEAA
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2004E9F8
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2004DE1E
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2004DF11
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2004DEDF
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2004E7C8
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2004E721
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2004EA1F
.text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2004DE64
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!sendto 71A52F51 5 Bytes JMP 2004D268
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2004D583
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2004D872
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!send 71A54C27 5 Bytes JMP 2004D21A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2004D6D6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!recv 71A5676F 5 Bytes JMP 2004D51E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 2004D5EE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2004D7A1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1728] ws2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2004D65F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1736] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\WINDOWS\system32\nvsvc32.exe[1880] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2124] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2001D268
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2001D583
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2001D872
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!send 71A54C27 5 Bytes JMP 2001D21A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2001D6D6
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2001D51E
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2001D5EE
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2001D7A1
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2212] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2001D65F
?
C:\WINDOWS\system32\svchost.exe[2624] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[2624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\system32\svchost.exe[2624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\system32\svchost.exe[2624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\system32\svchost.exe[2624] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2001D268 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2001D583 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2001D872 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!send 71A54C27 5 Bytes JMP 2001D21A .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2001D6D6 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2001D51E .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 2001D5EE .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2001D7A1 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2936] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2001D65F .text C:\Program Files\HP\Digital 
Imaging\bin\hpqSTE08.exe[3252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2004FBB8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2004C805 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetCloseHandle 3FD04261 5 Bytes JMP 2004DF3E .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpOpenRequestA 3FD0AA5B 5 Bytes JMP 2004E99E .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpOpenRequestW 3FD0C47A 5 Bytes JMP 2004E9CB .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetReadFile 3FD113D4 5 Bytes JMP 2004E8E3 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetQueryDataAvailable 3FD11615 5 Bytes JMP 2004E5C4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpSendRequestA 3FD13558 5 Bytes JMP 2004DEAA .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetOpenUrlA 3FD16F5A 5 Bytes JMP 2004E9F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpSendRequestExW 3FD18C49 5 Bytes JMP 2004DE1E .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetWriteFile 3FD18D5C 5 Bytes JMP 2004DF11 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpSendRequestW 3FD1FDF9 5 Bytes JMP 2004DEDF .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetReadFileExW 3FD2334C 5 Bytes JMP 2004E7C8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetReadFileExA 3FD23384 5 Bytes JMP 2004E721 .text C:\Program Files\HP\Digital 
Imaging\bin\hpqSTE08.exe[3252] WININET.dll!InternetOpenUrlW 3FD58471 5 Bytes JMP 2004EA1F .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3252] WININET.dll!HttpSendRequestExA 3FD6A966 5 Bytes JMP 2004DE64 .text C:\WINDOWS\system32\msiexec.exe[3336] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\system32\msiexec.exe[3336] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\system32\msiexec.exe[3336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\system32\msiexec.exe[3336] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805 .text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805 .text C:\WINDOWS\System32\alg.exe[3832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\System32\alg.exe[3832] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\System32\alg.exe[3832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\System32\alg.exe[3832] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 2001C805 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 2001D268 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 2001D583 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 2001D872 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!send 71A54C27 5 Bytes JMP 2001D21A .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 2001D6D6 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!recv 71A5676F 5 Bytes JMP 2001D51E .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSASend 
71A568FA 5 Bytes JMP 2001D5EE
.text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 2001D7A1
.text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 2001D65F

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Files - GMER 1.0.15 ----

File C:\Program Files\scjyquqh\wwyktauk.exe 156038 bytes executable
File C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\wwyktauk.exe 156038 bytes executable
File C:\Documents and Settings\Waldek\Menu Start\Programy\Autostart\wwyktauk.exe 156038 bytes executable
File C:\Documents and Settings\Waldek\Recent\podatek od nieruch.lnk 694 bytes

---- EOF - GMER 1.0.15 ----