GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-18 09:50:44 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3500320AS rev.SD15 Running: 9ygqq5ht.exe; Driver: C:\DOCUME~1\Asia\USTAWI~1\Temp\pftiyaow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 006F2160 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00722160 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007E2160 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007F2160 .text C:\WINDOWS\system32\IoctlSvc.exe[900] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007F2160 .text C:\WINDOWS\system32\HPZipm12.exe[1636] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00842160 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 008F2160 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00AC2160 .text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00B52160 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00CD2160 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D02160 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D12160 .text C:\WINDOWS\system32\ctfmon.exe[1012] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D82160 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00DE2160 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00DE2160 .text C:\Program Files\Eset\UpdateReminder .exe[2916] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00EA2160 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00EF2160 .text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01012160 .text C:\WINDOWS\system32\svchost.exe[2228] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01062160 .text C:\WINDOWS\system32\nvsvc32.exe[1476] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011C2160 .text C:\Program Files\Eset\nod32kui .exe[2868] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011D2160 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 013D2160 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01412160 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01462160 .text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01582160 .text C:\WINDOWS\system32\services.exe[396] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 016E2160 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01932160 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 019A2160 .text C:\Program Files\Eset\UpdateReminder.exe[1876] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 019A2160 .text C:\WINDOWS\system32\spoolsv.exe[1440] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01AA2160 .text C:\Program Files\Eset\nod32kui.exe[1912] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01BD2160 .text C:\WINDOWS\system32\winlogon.exe[188] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01EA2160 .text C:\WINDOWS\system32\csrss.exe[2024] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02BF2160 .text C:\WINDOWS\system32\ntvdm.exe[752] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02D02160 .text C:\Program Files\Eset\nod32krn.exe[1244] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 045D2160 .text C:\WINDOWS\RTHDCPL.EXE[908] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 04B82160 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 006F20A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007220A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007E20A0 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007F20A0 .text C:\WINDOWS\system32\IoctlSvc.exe[900] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007F20A0 .text C:\WINDOWS\system32\HPZipm12.exe[1636] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 008420A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 008F20A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00AC20A0 .text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00B520A0 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00CD20A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D020A0 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D120A0 .text C:\WINDOWS\system32\ctfmon.exe[1012] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D820A0 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00DE20A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00DE20A0 .text C:\Program Files\Eset\UpdateReminder .exe[2916] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00EA20A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00EF20A0 .text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 010120A0 .text C:\WINDOWS\system32\svchost.exe[2228] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 010620A0 .text C:\WINDOWS\system32\nvsvc32.exe[1476] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011C20A0 .text C:\Program Files\Eset\nod32kui .exe[2868] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011D20A0 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 013D20A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 014120A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 014620A0 .text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 015820A0 .text C:\WINDOWS\system32\services.exe[396] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 016E20A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 019320A0 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 019A20A0 .text C:\Program Files\Eset\UpdateReminder.exe[1876] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 019A20A0 .text C:\WINDOWS\system32\spoolsv.exe[1440] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01AA20A0 .text C:\Program Files\Eset\nod32kui.exe[1912] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01BD20A0 .text C:\WINDOWS\system32\winlogon.exe[188] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01EA20A0 .text C:\WINDOWS\system32\csrss.exe[2024] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 02BF20A0 .text C:\WINDOWS\system32\ntvdm.exe[752] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 02D020A0 .text C:\Program Files\Eset\nod32krn.exe[1244] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 045D20A0 .text C:\WINDOWS\RTHDCPL.EXE[908] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 04B820A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WININET.dll!InternetWriteFile 6307665E 3 Bytes JMP 019323A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 006F23A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007223A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007E23A0 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007F23A0 .text C:\WINDOWS\system32\IoctlSvc.exe[900] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007F23A0 .text C:\WINDOWS\system32\HPZipm12.exe[1636] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 008423A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 008F23A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00AC23A0 .text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00B523A0 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00CD23A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00D023A0 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00D123A0 .text C:\WINDOWS\system32\ctfmon.exe[1012] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00D823A0 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00DE23A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00DE23A0 .text C:\Program Files\Eset\UpdateReminder .exe[2916] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00EA23A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00EF23A0 .text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 010123A0 .text C:\WINDOWS\system32\svchost.exe[2228] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 010623A0 .text C:\WINDOWS\system32\nvsvc32.exe[1476] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011C23A0 .text C:\Program Files\Eset\nod32kui .exe[2868] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011D23A0 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 013D23A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 014123A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 014623A0 .text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 015823A0 .text C:\WINDOWS\system32\services.exe[396] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 016E23A0 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 019A23A0 .text C:\Program Files\Eset\UpdateReminder.exe[1876] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 019A23A0 .text C:\WINDOWS\system32\spoolsv.exe[1440] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01AA23A0 .text C:\Program Files\Eset\nod32kui.exe[1912] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01BD23A0 .text C:\WINDOWS\system32\winlogon.exe[188] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01EA23A0 .text C:\WINDOWS\system32\csrss.exe[2024] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 02BF23A0 .text C:\WINDOWS\system32\ntvdm.exe[752] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 02D023A0 .text C:\Program Files\Eset\nod32krn.exe[1244] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 045D23A0 .text C:\WINDOWS\RTHDCPL.EXE[908] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 04B823A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WININET.dll!InternetWriteFile + 4 63076662 1 Byte [9E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006F1D10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00721D10 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007E1D10 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007F1D10 .text C:\WINDOWS\system32\IoctlSvc.exe[900] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007F1D10 .text C:\WINDOWS\system32\HPZipm12.exe[1636] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00841D10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008F1D10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AC1D10 .text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CD1D10 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D01D10 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D11D10 .text C:\WINDOWS\system32\ctfmon.exe[1012] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D81D10 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DE1D10 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DE1D10 .text C:\Program Files\Eset\UpdateReminder .exe[2916] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EA1D10 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EF1D10 .text C:\WINDOWS\system32\svchost.exe[644] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01011D10 .text C:\WINDOWS\system32\svchost.exe[2228] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01061D10 .text C:\WINDOWS\system32\nvsvc32.exe[1476] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011C1D10 .text C:\Program Files\Eset\nod32kui .exe[2868] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011D1D10 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013D1D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01411D10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01461D10 .text C:\WINDOWS\system32\svchost.exe[764] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01581D10 .text C:\WINDOWS\system32\services.exe[396] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 016E1D10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01931D10 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019A1D10 .text C:\Program Files\Eset\UpdateReminder.exe[1876] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019A1D10 .text C:\WINDOWS\system32\spoolsv.exe[1440] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01AA1D10 .text C:\Program Files\Eset\nod32kui.exe[1912] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01BD1D10 .text C:\WINDOWS\system32\winlogon.exe[188] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01EA1D10 .text C:\WINDOWS\system32\csrss.exe[2024] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02BF1D10 .text C:\WINDOWS\system32\ntvdm.exe[752] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02D01D10 .text C:\Program Files\Eset\nod32krn.exe[1244] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 045D1D10 .text C:\WINDOWS\RTHDCPL.EXE[908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04B81D10 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] WS2_32.dll!send 71A54C27 5 Bytes JMP 006F7250 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] WS2_32.dll!send 71A54C27 5 Bytes JMP 00727250 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] WS2_32.dll!send 71A54C27 5 Bytes JMP 007E7250 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] WS2_32.dll!send 71A54C27 5 Bytes JMP 007F7250 .text C:\WINDOWS\system32\IoctlSvc.exe[900] WS2_32.dll!send 71A54C27 5 Bytes JMP 007F7250 .text C:\WINDOWS\system32\HPZipm12.exe[1636] WS2_32.dll!send 71A54C27 5 Bytes JMP 00847250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] WS2_32.dll!send 71A54C27 5 Bytes JMP 008F7250 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AC7250 .text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CD7250 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D07250 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D17250 .text C:\WINDOWS\system32\ctfmon.exe[1012] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D87250 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DE7250 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DE7250 .text C:\Program Files\Eset\UpdateReminder .exe[2916] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EA7250 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EF7250 .text C:\WINDOWS\system32\svchost.exe[644] WS2_32.dll!send 71A54C27 5 Bytes JMP 01017250 .text C:\WINDOWS\system32\svchost.exe[2228] WS2_32.dll!send 71A54C27 5 Bytes JMP 01067250 .text C:\WINDOWS\system32\nvsvc32.exe[1476] WS2_32.dll!send 71A54C27 5 Bytes JMP 011C7250 .text C:\Program Files\Eset\nod32kui .exe[2868] WS2_32.dll!send 71A54C27 5 Bytes JMP 011D7250 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] WS2_32.dll!send 71A54C27 5 Bytes JMP 013D7250 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] WS2_32.dll!send 71A54C27 5 Bytes JMP 01417250 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] WS2_32.dll!send 71A54C27 5 Bytes JMP 01467250 .text C:\WINDOWS\system32\svchost.exe[764] WS2_32.dll!send 71A54C27 5 Bytes JMP 01587250 .text C:\WINDOWS\system32\services.exe[396] WS2_32.dll!send 71A54C27 5 Bytes JMP 016E7250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] WS2_32.dll!send 71A54C27 5 Bytes JMP 01937250 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] WS2_32.dll!send 71A54C27 5 Bytes JMP 019A7250 .text C:\Program Files\Eset\UpdateReminder.exe[1876] WS2_32.dll!send 71A54C27 5 Bytes JMP 019A7250 .text C:\WINDOWS\system32\spoolsv.exe[1440] WS2_32.dll!send 71A54C27 5 Bytes JMP 01AA7250 .text C:\Program Files\Eset\nod32kui.exe[1912] WS2_32.dll!send 71A54C27 5 Bytes JMP 01BD7250 .text C:\WINDOWS\system32\winlogon.exe[188] WS2_32.dll!send 71A54C27 5 Bytes JMP 01EA7250 .text C:\WINDOWS\system32\csrss.exe[2024] WS2_32.dll!send 71A54C27 5 Bytes JMP 02BF7250 .text C:\WINDOWS\system32\ntvdm.exe[752] WS2_32.dll!send 71A54C27 5 Bytes JMP 02D07250 .text C:\Program Files\Eset\nod32krn.exe[1244] WS2_32.dll!send 71A54C27 5 Bytes JMP 045D7250 .text C:\WINDOWS\RTHDCPL.EXE[908] WS2_32.dll!send 71A54C27 5 Bytes JMP 04B87250 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F11C0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007211C0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E11C0 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F11C0 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F11C0 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008411C0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008F11C0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC11C0 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD11C0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D011C0 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D111C0 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D811C0 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE11C0 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE11C0 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA11C0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF11C0 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010111C0 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010611C0 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011C11C0 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D11C0 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013D11C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014111C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014611C0 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015811C0 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016E11C0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019311C0 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019A11C0 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019A11C0 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AA11C0 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01BD11C0 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01EA11C0 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 02BF11C0 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D011C0 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 045D11C0 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04B811C0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F1290 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00721290 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E1290 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007F1290 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007F1290 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00841290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008F1290 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC1290 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD1290 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D01290 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D11290 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D81290 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE1290 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE1290 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA1290 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF1290 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01011290 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01061290 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011C1290 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011D1290 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013D1290 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01411290 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01461290 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01581290 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016E1290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01931290 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019A1290 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019A1290 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AA1290 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01BD1290 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01EA1290 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 02BF1290 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D01290 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 045D1290 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04B81290 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006F2570 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00722570 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007E2570 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007F2570 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 007F2570 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00842570 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008F2570 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AC2570 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CD2570 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D02570 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D12570 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D82570 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DE2570 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00DE2570 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EA2570 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00EF2570 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01012570 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01062570 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 011C2570 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 011D2570 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 013D2570 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01412570 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01462570 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01582570 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 016E2570 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01932570 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 019A2570 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 019A2570 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01AA2570 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01BD2570 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01EA2570 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 02BF2570 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02D02570 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 045D2570 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 04B82570 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006F1000 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00721000 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007E1000 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007F1000 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 007F1000 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00841000 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008F1000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AC1000 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CD1000 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D01000 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D11000 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D81000 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DE1000 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00DE1000 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EA1000 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00EF1000 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01011000 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01061000 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 011C1000 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 011D1000 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 013D1000 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01411000 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01461000 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01581000 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 016E1000 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01931000 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 019A1000 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 019A1000 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01AA1000 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01BD1000 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01EA1000 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02BF1000 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02D01000 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 045D1000 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 04B81000 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006F10A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007210A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007E10A0 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007F10A0 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 007F10A0 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008410A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008F10A0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AC10A0 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CD10A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D010A0 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D110A0 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D810A0 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DE10A0 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00DE10A0 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EA10A0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00EF10A0 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010110A0 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010610A0 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011C10A0 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011D10A0 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013D10A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014110A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014610A0 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015810A0 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 016E10A0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019310A0 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019A10A0 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019A10A0 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01AA10A0 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01BD10A0 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01EA10A0 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 02BF10A0 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 02D010A0 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 045D10A0 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 04B810A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006F2510 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00722510 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007E2510 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007F2510 .text C:\WINDOWS\system32\IoctlSvc.exe[900] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 007F2510 .text C:\WINDOWS\system32\HPZipm12.exe[1636] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00842510 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008F2510 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AC2510 .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CD2510 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D02510 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D12510 .text C:\WINDOWS\system32\ctfmon.exe[1012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D82510 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DE2510 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00DE2510 .text C:\Program Files\Eset\UpdateReminder .exe[2916] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EA2510 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00EF2510 .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01012510 .text C:\WINDOWS\system32\svchost.exe[2228] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01062510 .text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 011C2510 .text C:\Program Files\Eset\nod32kui .exe[2868] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 011D2510 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013D2510 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01412510 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01462510 .text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01582510 .text C:\WINDOWS\system32\services.exe[396] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 016E2510 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01932510 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 019A2510 .text C:\Program Files\Eset\UpdateReminder.exe[1876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 019A2510 .text C:\WINDOWS\system32\spoolsv.exe[1440] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01AA2510 .text C:\Program Files\Eset\nod32kui.exe[1912] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01BD2510 .text C:\WINDOWS\system32\winlogon.exe[188] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01EA2510 .text C:\WINDOWS\system32\csrss.exe[2024] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02BF2510 .text C:\WINDOWS\system32\ntvdm.exe[752] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02D02510 .text C:\Program Files\Eset\nod32krn.exe[1244] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 045D2510 .text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 04B82510 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006F6390 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00726390 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007E6390 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007F6390 .text C:\WINDOWS\system32\IoctlSvc.exe[900] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007F6390 .text C:\WINDOWS\system32\HPZipm12.exe[1636] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00846390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008F6390 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AC6390 .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CD6390 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D06390 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D16390 .text C:\WINDOWS\system32\ctfmon.exe[1012] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00D86390 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE6390 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE6390 .text C:\Program Files\Eset\UpdateReminder .exe[2916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA6390 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EF6390 .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01016390 .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01066390 .text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011C6390 .text C:\Program Files\Eset\nod32kui .exe[2868] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011D6390 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013D6390 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01416390 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01466390 .text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01586390 .text C:\WINDOWS\system32\services.exe[396] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 016E6390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01936390 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019A6390 .text C:\Program Files\Eset\UpdateReminder.exe[1876] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019A6390 .text C:\WINDOWS\system32\spoolsv.exe[1440] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01AA6390 .text C:\Program Files\Eset\nod32kui.exe[1912] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01BD6390 .text C:\WINDOWS\system32\winlogon.exe[188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01EA6390 .text C:\WINDOWS\system32\csrss.exe[2024] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02BF6390 .text C:\WINDOWS\system32\ntvdm.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02D06390 .text C:\Program Files\Eset\nod32krn.exe[1244] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 045D6390 .text C:\WINDOWS\RTHDCPL.EXE[908] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 04B86390 .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0271000A .text C:\WINDOWS\explorer.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0322000A .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006F6640 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00726640 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007E6640 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007F6640 .text C:\WINDOWS\system32\IoctlSvc.exe[900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007F6640 .text C:\WINDOWS\system32\HPZipm12.exe[1636] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00846640 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008F6640 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AC6640 .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CD6640 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D06640 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D16640 .text C:\WINDOWS\system32\ctfmon.exe[1012] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D86640 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DE6640 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DE6640 .text C:\Program Files\Eset\UpdateReminder .exe[2916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EA6640 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EF6640 .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01016640 .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01066640 .text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011C6640 .text C:\Program Files\Eset\nod32kui .exe[2868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 011D6640 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013D6640 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01416640 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01466640 .text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01586640 .text C:\WINDOWS\system32\services.exe[396] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 016E6640 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01936640 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019A6640 .text C:\Program Files\Eset\UpdateReminder.exe[1876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 019A6640 .text C:\WINDOWS\system32\spoolsv.exe[1440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01AA6640 .text C:\Program Files\Eset\nod32kui.exe[1912] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01BD6640 .text C:\WINDOWS\system32\winlogon.exe[188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01EA6640 .text C:\WINDOWS\system32\csrss.exe[2024] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02BF6640 .text C:\WINDOWS\system32\ntvdm.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02D06640 .text C:\Program Files\Eset\nod32krn.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 045D6640 .text C:\WINDOWS\RTHDCPL.EXE[908] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 04B86640 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006F53D0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007253D0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007E53D0 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007F53D0 .text C:\WINDOWS\system32\IoctlSvc.exe[900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007F53D0 .text C:\WINDOWS\system32\HPZipm12.exe[1636] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008453D0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008F53D0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AC53D0 .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CD53D0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D053D0 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D153D0 .text C:\WINDOWS\system32\ctfmon.exe[1012] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00D853D0 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DE53D0 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DE53D0 .text C:\Program Files\Eset\UpdateReminder .exe[2916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EA53D0 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EF53D0 .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010153D0 .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010653D0 .text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011C53D0 .text C:\Program Files\Eset\nod32kui .exe[2868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011D53D0 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013D53D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014153D0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014653D0 .text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015853D0 .text C:\WINDOWS\system32\services.exe[396] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 016E53D0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019353D0 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019A53D0 .text C:\Program Files\Eset\UpdateReminder.exe[1876] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019A53D0 .text C:\WINDOWS\system32\spoolsv.exe[1440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01AA53D0 .text C:\Program Files\Eset\nod32kui.exe[1912] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01BD53D0 .text C:\WINDOWS\system32\winlogon.exe[188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01EA53D0 .text C:\WINDOWS\system32\csrss.exe[2024] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02BF53D0 .text C:\WINDOWS\system32\ntvdm.exe[752] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02D053D0 .text C:\Program Files\Eset\nod32krn.exe[1244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 045D53D0 .text C:\WINDOWS\RTHDCPL.EXE[908] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 04B853D0 .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0105000A .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02B9000A .text C:\WINDOWS\explorer.exe[3672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0323000A .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C .text C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0270000C .text C:\WINDOWS\explorer.exe[3672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0321000C .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F5300 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[252] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00725300 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2328] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007E5300 .text C:\Program Files\Canon\CAL\CALMAIN.exe[2468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007F5300 .text C:\WINDOWS\system32\IoctlSvc.exe[900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007F5300 .text C:\WINDOWS\system32\HPZipm12.exe[1636] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00845300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008F5300 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC5300 .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B55300 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CD5300 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D05300 .text C:\WINDOWS\system32\RUNDLL32.EXE[876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D15300 .text C:\WINDOWS\system32\ctfmon.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D85300 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2164] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DE5300 .text C:\WINDOWS\system32\PnkBstrA.exe[1800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DE5300 .text C:\Program Files\Eset\UpdateReminder .exe[2916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EA5300 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[656] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EF5300 .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01015300 .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01065300 .text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 011C5300 .text C:\Program Files\Eset\nod32kui .exe[2868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 011D5300 .text C:\WINDOWS\TEMP\kmmero\setup.exe[1080] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 013D5300 .text C:\Program Files\Java\jre6\bin\jqs.exe[2016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01415300 .text C:\Program Files\Bonjour\mDNSResponder.exe[1256] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01465300 .text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01585300 .text C:\WINDOWS\system32\services.exe[396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 016E5300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01935300 .text C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe[1760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 019A5300 .text C:\Program Files\Eset\UpdateReminder.exe[1876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 019A5300 .text C:\WINDOWS\system32\spoolsv.exe[1440] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01AA5300 .text C:\Program Files\Eset\nod32kui.exe[1912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01BD5300 .text C:\WINDOWS\system32\winlogon.exe[188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01EA5300 .text C:\WINDOWS\system32\csrss.exe[2024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02BF5300 .text C:\WINDOWS\system32\ntvdm.exe[752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02D05300 .text C:\Program Files\Eset\nod32krn.exe[1244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 045D5300 .text C:\WINDOWS\RTHDCPL.EXE[908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 04B85300 ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8B0FC31B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B0FC31B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B0FC31B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8B0FC31B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8B0FC31B AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset ) ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA7CD8300, 0x3ACC8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB0FB1300, 0x1B7E, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C43360, 0x37192D, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0xB1 0xE5 0x44 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0x0B 0x8A 0xC7 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x39 0xBD 0x60 0xB9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0x98 0x85 0xC4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0x98 0x85 0xC4 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2051A56E-A9EC-63A5-E364-9E014A0DD22A} ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!! Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Asia\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\do9tsd9k.Domyślny użytkownik\Cache\7AE83939d01 42565 bytes File C:\Documents and Settings\Asia\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\do9tsd9k.Domyślny użytkownik\Cache\CE6E2E3Ad01 24605 bytes File C:\Documents and Settings\Asia\Ustawienia lokalne\Temp\fla760.tmp 0 bytes ---- EOF - GMER 1.0.15 ----