GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-30 18:11:49
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1654N rev.BV100-45 149,05GB
Running: wmmke30b.exe; Driver: C:\DOCUME~1\RYSZAR~1\USTAWI~1\Temp\ufrorpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D96390 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D96640 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D953D0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D95300 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D911C0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D91290 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D92570 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D91000 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D910A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D92510 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D91D10 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D97250 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] WININET.dll!HttpSendRequestW 3FD0FACE 5 
Bytes JMP 00D92160 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00D920A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[188] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00D923A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E56390 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E56640 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E553D0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E55300 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E511C0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E51290 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E52570 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E51000 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E510A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E52510 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E51D10 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E57250 .text C:\Program Files\Ashampoo\Ashampoo 
Anti-Malware\AAMW_WSC_Service_XP.exe[212] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E52160 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E520A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[212] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E523A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03B76390 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03B76640 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03B753D0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03B75300 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03B711C0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03B71290 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03B72570 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03B71000 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 03B710A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03B72510 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03B71D10 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] WS2_32.dll!send 71A54C27 5 Bytes JMP 03B77250 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] 
WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 03B72160 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 03B720A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[372] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 03B723A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019D6390 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019D6640 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019D53D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 019D5300 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019D11C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019D1290 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 019D2570 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 019D1000 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019D10A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 019D2510 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019D1D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] WS2_32.dll!send 71A54C27 5 Bytes JMP 019D7250 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 019D2160 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 019D20A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[516] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 019D23A0 .text C:\WINDOWS\system32\lxddcoms.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 
00F46390 .text C:\WINDOWS\system32\lxddcoms.exe[640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F46640 .text C:\WINDOWS\system32\lxddcoms.exe[640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F453D0 .text C:\WINDOWS\system32\lxddcoms.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F45300 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F411C0 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F41290 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F42570 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F41000 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F410A0 .text C:\WINDOWS\system32\lxddcoms.exe[640] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F42510 .text C:\WINDOWS\system32\lxddcoms.exe[640] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F41D10 .text C:\WINDOWS\system32\lxddcoms.exe[640] ws2_32.dll!send 71A54C27 5 Bytes JMP 00F47250 .text C:\WINDOWS\system32\lxddcoms.exe[640] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00F42160 .text C:\WINDOWS\system32\lxddcoms.exe[640] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F420A0 .text C:\WINDOWS\system32\lxddcoms.exe[640] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F423A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 015F6390 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 015F6640 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015F53D0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 015F5300 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 015F1290 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 015F2570 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 015F1000 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015F10A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 015F2510 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 015F1D10 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] WS2_32.dll!send 71A54C27 5 Bytes JMP 015F7250 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 015F2160 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 015F20A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[824] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 015F23A0 .text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01256390 .text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01256640 .text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012553D0 .text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01255300 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 012511C0 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 01251290 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!MoveFileW 
7C821261 5 Bytes JMP 01252570 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01251000 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012510A0 .text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01252510 .text C:\WINDOWS\system32\csrss.exe[876] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01251D10 .text C:\WINDOWS\system32\csrss.exe[876] WS2_32.dll!send 71A54C27 5 Bytes JMP 01257250 .text C:\WINDOWS\system32\csrss.exe[876] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01252160 .text C:\WINDOWS\system32\csrss.exe[876] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 012520A0 .text C:\WINDOWS\system32\csrss.exe[876] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 012523A0 .text C:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01476390 .text C:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01476640 .text C:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014753D0 .text C:\WINDOWS\system32\winlogon.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01475300 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014711C0 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01471290 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01472570 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01471000 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014710A0 .text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01472510 .text C:\WINDOWS\system32\winlogon.exe[904] USER32.dll!GetSystemMetrics 
7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[904] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01471D10 .text C:\WINDOWS\system32\winlogon.exe[904] WS2_32.dll!send 71A54C27 5 Bytes JMP 01477250 .text C:\WINDOWS\system32\winlogon.exe[904] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01472160 .text C:\WINDOWS\system32\winlogon.exe[904] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 014720A0 .text C:\WINDOWS\system32\winlogon.exe[904] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 014723A0 .text D:\wmmke30b.exe[920] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00176390 .text D:\wmmke30b.exe[920] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00176640 .text D:\wmmke30b.exe[920] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001753D0 .text D:\wmmke30b.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00175300 .text D:\wmmke30b.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001711C0 .text D:\wmmke30b.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00171290 .text D:\wmmke30b.exe[920] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00172570 .text D:\wmmke30b.exe[920] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00171000 .text D:\wmmke30b.exe[920] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001710A0 .text D:\wmmke30b.exe[920] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00172510 .text D:\wmmke30b.exe[920] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00171D10 .text D:\wmmke30b.exe[920] WS2_32.dll!send 71A54C27 5 Bytes JMP 00177250 .text D:\wmmke30b.exe[920] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00172160 .text D:\wmmke30b.exe[920] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001720A0 .text D:\wmmke30b.exe[920] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001723A0 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03746390 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03746640 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 037453D0 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03745300 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 037411C0 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 03741290 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 03742570 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03741000 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 037410A0 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03742510 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03741D10 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] ws2_32.dll!send 71A54C27 5 Bytes JMP 03747250 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 03742160 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 037420A0 .text C:\Program Files\Lexmark 2500 Series\lxddamon.exe[948] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 037423A0 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA6390 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EA6640 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EA53D0 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EA5300 .text 
C:\WINDOWS\system32\services.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA11C0 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA1290 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EA2570 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EA1000 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EA10A0 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EA2510 .text C:\WINDOWS\system32\services.exe[976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EA1D10 .text C:\WINDOWS\system32\services.exe[976] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EA7250 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00EA2160 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00EA20A0 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00EA23A0 .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02516390 .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02516640 .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 025153D0 .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02515300 .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025111C0 .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02511290 .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02512570 .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02511000 .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 025110A0 .text 
C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02512510 .text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02511D10 .text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!send 71A54C27 5 Bytes JMP 02517250 .text C:\WINDOWS\system32\svchost.exe[1164] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02512160 .text C:\WINDOWS\system32\svchost.exe[1164] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 025120A0 .text C:\WINDOWS\system32\svchost.exe[1164] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 025123A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006A6390 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006A6640 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006A53D0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006A5300 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006A11C0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006A1290 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006A2570 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006A1000 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006A10A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006A2510 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006A1D10 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] WS2_32.dll!send 71A54C27 5 Bytes JMP 006A7250 .text 
E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 006A2160 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 006A20A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[1196] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 006A23A0 .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D36390 .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D36640 .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D353D0 .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D35300 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D311C0 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D31290 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D32570 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D31000 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D310A0 .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D32510 .text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D31D10 .text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D37250 .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00D32160 .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00D320A0 .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00D323A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008A6390 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008A6640 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008A53D0 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A5300 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A11C0 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A1290 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008A2570 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008A1000 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008A10A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008A2510 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008A1D10 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] WS2_32.dll!send 71A54C27 5 Bytes JMP 008A7250 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 008A2160 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 008A20A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1280] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 008A23A0 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009C6390 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009C6640 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009C53D0 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009C5300 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C11C0 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C1290 .text 
C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009C2570 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009C1000 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009C10A0 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009C2510 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009C1D10 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] WS2_32.dll!send 71A54C27 5 Bytes JMP 009C7250 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009C2160 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009C20A0 .text C:\WINDOWS\system32\PnkBstrB.exe[1300] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009C23A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 
00B51000 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B52160 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B520A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1324] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B523A0 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02886390 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02886640 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 028853D0 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02885300 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028811C0 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02881290 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02882570 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02881000 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 028810A0 .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02882510 .text 
C:\WINDOWS\System32\svchost.exe[1332] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02881D10 .text C:\WINDOWS\System32\svchost.exe[1332] WS2_32.dll!send 71A54C27 5 Bytes JMP 02887250 .text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02882160 .text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 028820A0 .text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 028823A0 .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A32160 .text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A323A0 .text 
C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C12160 .text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C123A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01B26390 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01B26640 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01B253D0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] ntdll.dll!LdrLoadDll 
7C91632D 5 Bytes JMP 01B25300 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B211C0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01B21290 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01B22570 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01B21000 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01B210A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01B22510 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01B21D10 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] WS2_32.dll!send 71A54C27 5 Bytes JMP 01B27250 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01B22160 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01B220A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1576] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01B223A0 .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 022D6390 .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 022D6640 .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 022D53D0 .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 022D5300 .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022D11C0 .text 
C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 022D1290 .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 022D2570 .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 022D1000 .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 022D10A0 .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 022D2510 .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 022D2160 .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 022D20A0 .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 022D23A0 .text C:\WINDOWS\Explorer.EXE[1660] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 022D1D10 .text C:\WINDOWS\Explorer.EXE[1660] WS2_32.dll!send 71A54C27 5 Bytes JMP 022D7250 .text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007A6390 .text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007A6640 .text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007A53D0 .text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007A5300 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007A1290 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007A2570 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007A1000 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007A10A0 .text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007A2510 .text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007A1D10 .text 
C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!send 71A54C27 5 Bytes JMP 007A7250 .text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 007A2160 .text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007A20A0 .text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007A23A0 .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A06390 .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A06640 .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A053D0 .text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A05300 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A011C0 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A01290 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A02570 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A01000 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A010A0 .text C:\WINDOWS\system32\svchost.exe[1836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A02510 .text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A01D10 .text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A07250 .text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A02160 .text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A020A0 .text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A023A0 .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DF6390 .text 
C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DF6640 .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DF53D0 .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DF5300 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF11C0 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF1290 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DF2570 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DF1000 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DF10A0 .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DF2510 .text C:\WINDOWS\system32\spoolsv.exe[2020] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DF1D10 .text C:\WINDOWS\system32\spoolsv.exe[2020] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DF7250 .text C:\WINDOWS\system32\spoolsv.exe[2020] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00DF2160 .text C:\WINDOWS\system32\spoolsv.exe[2020] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00DF20A0 .text C:\WINDOWS\system32\spoolsv.exe[2020] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00DF23A0 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll .text 
C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\Internet Explorer\iexplore.exe[3288] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 
000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3340] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 000A23A0 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program 
Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9A65 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D0DD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB30 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A756F C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet 
Explorer\iexplore.exe[4048] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\Internet Explorer\iexplore.exe[4048] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x61 0x42 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\download\DEMON\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x0A 0xCF 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x25 0x5C 0xE1 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x43 0xDC 0x38 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x61 0x42 0xCA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\download\DEMON\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x0A 0xCF 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x25 0x5C 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x43 0xDC 0x38 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Srcsck C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe Srcsck ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe 96256 bytes executable File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4Y8G06V1\scriptaculous[1].js 2999 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OVIC9SOI\60-diagnostyka-infekcje-typu-rootkit[1].txt 65058 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\loader[1].gif 0 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\r_prezentobranie[1].jpg 0 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\r_wyprzedaz_telefonow[1].jpg 0 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\strona-glowna[1].txt 40601 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\t036013t_v21[1].ttf 142524 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\Icon_Home[1].gif 383 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\rotator_abo_sgs3mini[1].jpg 44748 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\html5[1].js 1484 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet 
Files\Content.IE5\Y4VPLKSX\iboa_sso[1].css 11542 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\t_Submenu2_bg[1].png 1389 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\util[2].js 46649 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\version_pl_win_ax[1].xml 1635 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\simpletreemenu[1].js 5360 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\sprite-bw-header[1].png 17140 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\sprite-pink-header[1].png 13775 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\crossdomain[2].xml 287 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\3b_doladowania[1].png 8960 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\2[1].jpg 8844 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\billing-calendar[1].css 1051 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y4VPLKSX\WidgetProvider[1].js 2825 bytes ---- EOF - GMER 2.1 ----