GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-04-01 18:39:19 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1654N rev.BV100-45 149,05GB Running: wmmke30b.exe; Driver: C:\DOCUME~1\RYSZAR~1\USTAWI~1\Temp\ufrorpoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter32.sys ZwCreateKey [0xA4F0830E] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 024F6390 .text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 024F6640 .text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024F53D0 .text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 024F5300 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024F11C0 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024F1290 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 024F2570 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 024F1000 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024F10A0 .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 024F2510 .text C:\WINDOWS\system32\svchost.exe[428] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 024F1D10 .text C:\WINDOWS\system32\svchost.exe[428] WS2_32.dll!send 71A54C27 5 Bytes JMP 024F7250 .text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 024F2160 .text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 024F20A0 .text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 024F23A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006A6390 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006A6640 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006A53D0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006A5300 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006A11C0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006A1290 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006A2570 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006A1000 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006A10A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006A2510 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006A1D10 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] WS2_32.dll!send 71A54C27 5 Bytes JMP 006A7250 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 006A2160 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 006A20A0 .text E:\download\CDBurner\CDBurnerXP\NMSAccessU.exe[460] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 006A23A0 .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CD6390 .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CD6640 .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CD53D0 .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CD5300 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD11C0 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD1290 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CD2570 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CD1000 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CD10A0 .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CD2510 .text C:\WINDOWS\system32\svchost.exe[508] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CD1D10 .text C:\WINDOWS\system32\svchost.exe[508] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CD7250 .text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00CD2160 .text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00CD20A0 .text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00CD23A0 .text C:\WINDOWS\system32\PnkBstrA.exe[592] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008A6390 .text C:\WINDOWS\system32\PnkBstrA.exe[592] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008A6640 .text C:\WINDOWS\system32\PnkBstrA.exe[592] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008A53D0 .text C:\WINDOWS\system32\PnkBstrA.exe[592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A5300 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A11C0 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A1290 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008A2570 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008A1000 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008A10A0 .text C:\WINDOWS\system32\PnkBstrA.exe[592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008A2510 .text C:\WINDOWS\system32\PnkBstrA.exe[592] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008A1D10 .text C:\WINDOWS\system32\PnkBstrA.exe[592] WS2_32.dll!send 71A54C27 5 Bytes JMP 008A7250 .text C:\WINDOWS\system32\PnkBstrA.exe[592] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 008A2160 .text C:\WINDOWS\system32\PnkBstrA.exe[592] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 008A20A0 .text C:\WINDOWS\system32\PnkBstrA.exe[592] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 008A23A0 .text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 034C6390 .text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 034C6640 .text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 034C53D0 .text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 034C5300 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034C11C0 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 034C1290 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 034C2570 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 034C1000 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 034C10A0 .text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 034C2510 .text C:\WINDOWS\System32\svchost.exe[596] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 034C1D10 .text C:\WINDOWS\System32\svchost.exe[596] WS2_32.dll!send 71A54C27 5 Bytes JMP 034C7250 .text C:\WINDOWS\System32\svchost.exe[596] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 034C2160 .text C:\WINDOWS\System32\svchost.exe[596] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 034C20A0 .text C:\WINDOWS\System32\svchost.exe[596] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 034C23A0 .text C:\WINDOWS\system32\svchost.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\svchost.exe[640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\svchost.exe[640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\svchost.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\svchost.exe[640] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\svchost.exe[640] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\svchost.exe[640] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A32160 .text C:\WINDOWS\system32\svchost.exe[640] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\svchost.exe[640] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A323A0 .text C:\WINDOWS\system32\PnkBstrB.exe[648] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009C6390 .text C:\WINDOWS\system32\PnkBstrB.exe[648] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009C6640 .text C:\WINDOWS\system32\PnkBstrB.exe[648] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009C53D0 .text C:\WINDOWS\system32\PnkBstrB.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009C5300 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C11C0 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C1290 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009C2570 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009C1000 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009C10A0 .text C:\WINDOWS\system32\PnkBstrB.exe[648] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009C2510 .text C:\WINDOWS\system32\PnkBstrB.exe[648] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009C1D10 .text C:\WINDOWS\system32\PnkBstrB.exe[648] WS2_32.dll!send 71A54C27 5 Bytes JMP 009C7250 .text C:\WINDOWS\system32\PnkBstrB.exe[648] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009C2160 .text C:\WINDOWS\system32\PnkBstrB.exe[648] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009C20A0 .text C:\WINDOWS\system32\PnkBstrB.exe[648] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009C23A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B52160 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B520A0 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[672] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B523A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CA6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CA6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CA53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CA5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CA2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CA1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CA10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CA2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CA1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CA7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00CA2160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00CA20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[888] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00CA23A0 .text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 027B6390 .text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 027B6640 .text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 027B53D0 .text C:\WINDOWS\Explorer.EXE[912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 027B5300 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027B11C0 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027B1290 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 027B2570 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 027B1000 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 027B10A0 .text C:\WINDOWS\Explorer.EXE[912] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 027B2510 .text C:\WINDOWS\Explorer.EXE[912] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 027B2160 .text C:\WINDOWS\Explorer.EXE[912] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 027B20A0 .text C:\WINDOWS\Explorer.EXE[912] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 027B23A0 .text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 027B1D10 .text C:\WINDOWS\Explorer.EXE[912] WS2_32.dll!send 71A54C27 5 Bytes JMP 027B7250 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007A6390 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007A6640 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007A53D0 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007A5300 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007A1290 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007A2570 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007A1000 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007A10A0 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007A2510 .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007A1D10 .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!send 71A54C27 5 Bytes JMP 007A7250 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 007A2160 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007A20A0 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007A23A0 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BD6390 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BD6640 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BD53D0 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BD5300 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD11C0 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD1290 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BD2570 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BD1000 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BD10A0 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BD2510 .text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BD1D10 .text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BD7250 .text C:\WINDOWS\system32\svchost.exe[1088] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00BD2160 .text C:\WINDOWS\system32\svchost.exe[1088] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00BD20A0 .text C:\WINDOWS\system32\svchost.exe[1088] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00BD23A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A26390 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A26640 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A253D0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A25300 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A211C0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A21290 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01A22570 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01A21000 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01A210A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01A22510 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A21D10 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] WS2_32.dll!send 71A54C27 5 Bytes JMP 01A27250 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01A22160 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01A220A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[1156] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01A223A0 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BD6390 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BD6640 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BD53D0 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BD5300 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD11C0 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD1290 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BD2570 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BD1000 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BD10A0 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BD2510 .text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BD1D10 .text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BD7250 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00BD2160 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00BD20A0 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00BD23A0 .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DF6390 .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DF6640 .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DF53D0 .text C:\WINDOWS\system32\spoolsv.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DF5300 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF11C0 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF1290 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DF2570 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DF1000 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DF10A0 .text C:\WINDOWS\system32\spoolsv.exe[1324] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DF2510 .text C:\WINDOWS\system32\spoolsv.exe[1324] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DF1D10 .text C:\WINDOWS\system32\spoolsv.exe[1324] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DF7250 .text C:\WINDOWS\system32\spoolsv.exe[1324] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00DF2160 .text C:\WINDOWS\system32\spoolsv.exe[1324] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00DF20A0 .text C:\WINDOWS\system32\spoolsv.exe[1324] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00DF23A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01516390 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01516640 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015153D0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01515300 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015111C0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01511290 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01512570 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01511000 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015110A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01512510 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01511D10 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] ws2_32.dll!send 71A54C27 5 Bytes JMP 01517250 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01512160 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 015120A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe[1376] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 015123A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E56390 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E56640 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E553D0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E55300 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E511C0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E51290 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E52570 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E51000 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E510A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E52510 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E51D10 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E57250 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E52160 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E520A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe[1460] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E523A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03B36390 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03B36640 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03B353D0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03B35300 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03B311C0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03B31290 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03B32570 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03B31000 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 03B310A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03B32510 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03B31D10 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] WS2_32.dll!send 71A54C27 5 Bytes JMP 03B37250 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 03B32160 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 03B320A0 .text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1560] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 03B323A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01D36390 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01D36640 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01D353D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01D35300 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01D311C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01D31290 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01D32570 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01D31000 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01D310A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01D32510 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01D31D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] WS2_32.dll!send 71A54C27 5 Bytes JMP 01D37250 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01D32160 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01D320A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1652] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01D323A0 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F46390 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F46640 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F453D0 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F45300 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F411C0 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F41290 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F42570 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F41000 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F410A0 .text C:\WINDOWS\system32\lxddcoms.exe[1804] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F42510 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F41D10 .text C:\WINDOWS\system32\lxddcoms.exe[1804] ws2_32.dll!send 71A54C27 5 Bytes JMP 00F47250 .text C:\WINDOWS\system32\lxddcoms.exe[1804] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00F42160 .text C:\WINDOWS\system32\lxddcoms.exe[1804] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F420A0 .text C:\WINDOWS\system32\lxddcoms.exe[1804] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F423A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EA6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EA53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EA5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EA2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EA1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EA10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EA2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EA1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EA7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00EA2160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00EA20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1888] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00EA23A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01E06390 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01E06640 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01E053D0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01E05300 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E011C0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E01290 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01E02570 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01E01000 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01E010A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01E02510 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01E01D10 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] WS2_32.dll!send 71A54C27 5 Bytes JMP 01E07250 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01E02160 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01E020A0 .text C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe[1908] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01E023A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 015F6390 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 015F6640 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015F53D0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 015F5300 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 015F1290 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 015F2570 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 015F1000 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015F10A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 015F2510 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 015F1D10 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] WS2_32.dll!send 71A54C27 5 Bytes JMP 015F7250 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 015F2160 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 015F20A0 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1932] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 015F23A0 .text C:\WINDOWS\system32\csrss.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01276390 .text C:\WINDOWS\system32\csrss.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01276640 .text C:\WINDOWS\system32\csrss.exe[1944] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012753D0 .text C:\WINDOWS\system32\csrss.exe[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01275300 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 012711C0 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 01271290 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 01272570 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01271000 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012710A0 .text C:\WINDOWS\system32\csrss.exe[1944] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01272510 .text C:\WINDOWS\system32\csrss.exe[1944] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01271D10 .text C:\WINDOWS\system32\csrss.exe[1944] WS2_32.dll!send 71A54C27 5 Bytes JMP 01277250 .text C:\WINDOWS\system32\csrss.exe[1944] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01272160 .text C:\WINDOWS\system32\csrss.exe[1944] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 012720A0 .text C:\WINDOWS\system32\csrss.exe[1944] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 012723A0 .text C:\WINDOWS\system32\winlogon.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019D6390 .text C:\WINDOWS\system32\winlogon.exe[1972] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019D6640 .text C:\WINDOWS\system32\winlogon.exe[1972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019D53D0 .text C:\WINDOWS\system32\winlogon.exe[1972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 019D5300 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019D11C0 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019D1290 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 019D2570 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 019D1000 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019D10A0 .text C:\WINDOWS\system32\winlogon.exe[1972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 019D2510 .text C:\WINDOWS\system32\winlogon.exe[1972] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[1972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019D1D10 .text C:\WINDOWS\system32\winlogon.exe[1972] WS2_32.dll!send 71A54C27 5 Bytes JMP 019D7250 .text C:\WINDOWS\system32\winlogon.exe[1972] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 019D2160 .text C:\WINDOWS\system32\winlogon.exe[1972] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 019D20A0 .text C:\WINDOWS\system32\winlogon.exe[1972] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 019D23A0 .text C:\WINDOWS\system32\services.exe[2028] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01166390 .text C:\WINDOWS\system32\services.exe[2028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01166640 .text C:\WINDOWS\system32\services.exe[2028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011653D0 .text C:\WINDOWS\system32\services.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01165300 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011611C0 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01161290 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01162570 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01161000 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011610A0 .text C:\WINDOWS\system32\services.exe[2028] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01162510 .text C:\WINDOWS\system32\services.exe[2028] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01161D10 .text C:\WINDOWS\system32\services.exe[2028] WS2_32.dll!send 71A54C27 5 Bytes JMP 01167250 .text C:\WINDOWS\system32\services.exe[2028] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01162160 .text C:\WINDOWS\system32\services.exe[2028] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 011620A0 .text C:\WINDOWS\system32\services.exe[2028] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 011623A0 .text D:\wmmke30b.exe[2888] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00176390 .text D:\wmmke30b.exe[2888] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00176640 .text D:\wmmke30b.exe[2888] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001753D0 .text D:\wmmke30b.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00175300 .text D:\wmmke30b.exe[2888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001711C0 .text D:\wmmke30b.exe[2888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00171290 .text D:\wmmke30b.exe[2888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00172570 .text D:\wmmke30b.exe[2888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00171000 .text D:\wmmke30b.exe[2888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001710A0 .text D:\wmmke30b.exe[2888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00172510 .text D:\wmmke30b.exe[2888] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00171D10 .text D:\wmmke30b.exe[2888] WS2_32.dll!send 71A54C27 5 Bytes JMP 00177250 .text D:\wmmke30b.exe[2888] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00172160 .text D:\wmmke30b.exe[2888] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001720A0 .text D:\wmmke30b.exe[2888] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001723A0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x61 0x42 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\download\DEMON\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x0A 0xCF 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x25 0x5C 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x43 0xDC 0x38 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x61 0x42 0xCA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\download\DEMON\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x0A 0xCF 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x25 0x5C 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x43 0xDC 0x38 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Srcsck C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe Srcsck ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Ryszard Pietruszka\Cookies\UVHVYSDW.txt 471 bytes File C:\Documents and Settings\Ryszard Pietruszka\Cookies\V3LJALUD.txt 0 bytes File C:\Documents and Settings\Ryszard Pietruszka\Dane aplikacji\Srcsck.exe 96256 bytes executable File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temp\scoped_dir18202 0 bytes File C:\Documents and Settings\Ryszard Pietruszka\Ustawienia lokalne\Temp\scoped_dir18244 0 bytes ---- EOF - GMER 2.1 ----