GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-03 15:28:29 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD322HJ rev.1AC01112 298,09GB Running: lndp8v3t.exe; Driver: C:\DOCUME~1\MiG\USTAWI~1\Temp\fxtdqpog.sys ---- System - GMER 2.1 ---- SSDT spsk.sys ZwCreateKey [0xB9EB50E0] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwCreateProcess [0xACF447E6] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwCreateProcessEx [0xACF44800] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwCreateThread [0xACF43EA2] SSDT spsk.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spsk.sys ZwEnumerateValueKey [0xB9ECE132] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwMapViewOfSection [0xACF43BC4] SSDT spsk.sys ZwOpenKey [0xB9EB50C0] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwOpenSection [0xACF4405A] SSDT spsk.sys ZwQueryKey [0xB9ECE20A] SSDT spsk.sys ZwQueryValueKey [0xB9ECE08A] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwRenameKey [0xACF4540C] SSDT spsk.sys ZwSetValueKey [0xB9ECE29C] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwSuspendProcess [0xACF43A42] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwSuspendThread [0xACF43ED6] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwTerminateProcess [0xACF4399C] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwTerminateThread [0xACF43AFC] SSDT \??\C:\Program Files\Bezpieczny Internet Premium\apps\ComputerSecurity\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0xACF43F9E] INT 0x62 ? 89DE6BF8 INT 0x63 ? 89C82BF8 INT 0x82 ? 89DE6BF8 INT 0x83 ? 89C82BF8 INT 0xA4 ? 89C82BF8 INT 0xB4 ? 89C82BF8 ---- Kernel code sections - GMER 2.1 ---- ? spsk.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\drivers\ACPI.sys section is writeable [0xB9E6D300, 0x1AF00, 0xE8000020] .rsrc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xB9E96F00, 0x1BF8, 0xE8000040] .reloc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xB9E98B00, 0x2506, 0xE8000040] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB989A000, 0x1894F8, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 019B000C .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 019B100C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 019C400C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 019BC00C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 019BE00C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 019BD00C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 019C500C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 019C300C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 019C600C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 019C000C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 019BF00C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 019C200C .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 019C100C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 019B700C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 019B400C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 019B600C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 019B500C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 019B900C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 019B800C .text C:\WINDOWS\Explorer.EXE[412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 019B300C .text C:\WINDOWS\Explorer.EXE[412] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 019B200C .text C:\WINDOWS\Explorer.EXE[412] WS2_32.dll!send 71A54C27 5 Bytes JMP 019BB00C .text C:\WINDOWS\Explorer.EXE[412] WS2_32.dll!recv 71A5676F 5 Bytes JMP 019BA00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D4, A8, 00] {SUB AH, DL; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0106000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0106100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D7, A8, 00] {SUB BH, DL; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D4, A8, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D5, A8, 00] {TEST AL, 0xd5; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917EEE .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D6, A8, 00] {TEST AL, 0xd6; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D5, A8, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D6, A8, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917F5F .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D4, A8, 00] {TEST AL, 0xd4; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91808D .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D5, A8, 00] {SUB CH, DL; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D6, A8, 00] {SUB DH, DL; TEST AL, 0x0} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D7, A8, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[428] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0097000C .text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0097100C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0098400C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0097C00C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0097E00C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0097D00C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0098500C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0098300C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0098600C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0098000C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0097F00C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0098200C .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0098100C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0097700C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0097400C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0097600C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0097500C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0097900C .text C:\WINDOWS\system32\svchost.exe[540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0097800C .text C:\WINDOWS\system32\svchost.exe[540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0097300C .text C:\WINDOWS\system32\svchost.exe[540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0097200C .text C:\WINDOWS\system32\svchost.exe[540] WS2_32.dll!send 71A54C27 5 Bytes JMP 0097B00C .text C:\WINDOWS\system32\svchost.exe[540] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0097A00C .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000C .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C1100C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00C2400C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00C1C00C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00C1E00C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00C1D00C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00C2500C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00C2300C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00C2600C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00C2000C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00C1F00C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00C2200C .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00C2100C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00C1700C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00C1400C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00C1600C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00C1500C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C1900C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C1800C .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C1300C .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C1200C .text C:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C1B00C .text C:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00C1A00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A000C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A100C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 003B400C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 003AC00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 003AE00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 003AD00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 003B500C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 003B300C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 003B600C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 003B000C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 003AF00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 003B200C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 003B100C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 003A700C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A400C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 003A600C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A500C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A900C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A800C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] WS2_32.dll!send 71A54C27 5 Bytes JMP 003AB00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] WS2_32.dll!recv 71A5676F 5 Bytes JMP 003AA00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A300C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A200C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E5000C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E5100C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 02E6400C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 02E5C00C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 02E5E00C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 02E5D00C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 02E6500C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 02E6300C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 02E6600C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 02E6000C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 02E5F00C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 02E6200C .text C:\WINDOWS\system32\Ati2evxx.exe[932] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 02E6100C .text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02E5300C .text C:\WINDOWS\system32\Ati2evxx.exe[932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02E5200C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 02E5700C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 02E5400C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 02E5600C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 02E5500C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 02E5900C .text C:\WINDOWS\system32\Ati2evxx.exe[932] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 02E5800C .text C:\WINDOWS\system32\Ati2evxx.exe[932] WS2_32.dll!send 71A54C27 5 Bytes JMP 02E5B00C .text C:\WINDOWS\system32\Ati2evxx.exe[932] WS2_32.dll!recv 71A5676F 5 Bytes JMP 02E5A00C .text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0442000C .text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0442100C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0443400C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0442C00C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0442E00C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0442D00C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0443500C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0443300C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0443600C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0443000C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0442F00C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0443200C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0443100C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0442700C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0442400C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0442600C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0442500C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0442900C .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0442800C .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0442300C .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0442200C .text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!send 71A54C27 5 Bytes JMP 0442B00C .text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0442A00C .text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA000C .text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00DA100C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00DB400C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00DAC00C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00DAE00C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00DAD00C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00DB500C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00DB300C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00DB600C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00DB000C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00DAF00C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00DB200C .text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00DB100C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00DA700C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00DA400C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00DA600C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00DA500C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00DA900C .text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00DA800C .text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DA300C .text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00DA200C .text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DAB00C .text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00DAA00C .text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0222000C .text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0222100C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0223400C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0222C00C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0222E00C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0222D00C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0223500C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0223300C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0223600C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0223000C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0222F00C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0223200C .text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0223100C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0222700C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0222400C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0222600C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0222500C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0222900C .text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0222800C .text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0222300C .text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0222200C .text C:\WINDOWS\System32\svchost.exe[1132] WS2_32.dll!send 71A54C27 5 Bytes JMP 0222B00C .text C:\WINDOWS\System32\svchost.exe[1132] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0222A00C .text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069000C .text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0069100C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 006A200C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0069A00C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0069C00C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0069B00C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 006A300C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 006A100C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 006A400C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0069E00C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0069D00C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 006A000C .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0069F00C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0069700C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0069400C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0069600C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0069500C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0069900C .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0069800C .text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0069300C .text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0069200C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0410000C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0410100C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0411400C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0410C00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0410E00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0410D00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0411500C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0411300C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0411600C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0411000C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0410F00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0411200C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CreateDirectoryExW 7C85B642 3 Bytes JMP 0411100C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] kernel32.dll!CreateDirectoryExW + 4 7C85B646 1 Byte [87] .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] WS2_32.dll!send 71A54C27 5 Bytes JMP 0410B00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0410A00C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0410700C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0410400C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0410600C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0410500C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0410900C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0410800C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0410300C .text C:\Program Files\Java\jre6\bin\jqs.exe[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0410200C .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0083000C .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0083100C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0084400C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0083C00C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0083E00C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0083D00C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0084500C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0084300C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0084600C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0084000C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0083F00C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0084200C .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0084100C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0083700C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0083400C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0083600C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0083500C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0083900C .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0083800C .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0083300C .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0083200C .text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!send 71A54C27 5 Bytes JMP 0083B00C .text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0083A00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0095000C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0095100C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0096400C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0095C00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0095E00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0095D00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0096500C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0096300C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0096600C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0096000C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0095F00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0096200C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0096100C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0095700C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0095400C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0095600C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0095500C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0095900C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0095800C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0095300C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0095200C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] WS2_32.dll!send 71A54C27 5 Bytes JMP 0095B00C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1240] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0095A00C .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A4000C .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A4100C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00A5400C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00A4C00C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00A4E00C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00A4D00C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00A5500C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00A5300C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00A5600C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00A5000C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00A4F00C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00A5200C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00A5100C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00A4700C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00A4400C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00A4600C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00A4500C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A4900C .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A4800C .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A4300C .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A4200C .text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A4B00C .text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00A4A00C .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000C .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C1100C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00C2200C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00C1A00C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00C1C00C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00C1B00C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00C2300C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00C2100C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00C2400C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00C1E00C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00C1D00C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00C2000C .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00C1F00C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00C1700C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00C1400C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00C1600C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00C1500C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C1900C .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C1800C .text C:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C1300C .text C:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C1200C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA000C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00DA100C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00DB400C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00DAC00C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00DAE00C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00DAD00C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00DB500C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00DB300C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00DB600C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00DB000C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00DAF00C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00DB200C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00DB100C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DA300C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00DA200C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00DA700C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00DA400C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00DA600C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00DA500C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00DA900C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00DA800C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DAB00C .text C:\WINDOWS\system32\Ati2evxx.exe[1516] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00DAA00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006C000C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006C100C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 006D200C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 006CA00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 006CC00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 006CB00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 006D300C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 006D100C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 006D400C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 006CE00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 006CD00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 006D000C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 006CF00C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 006C700C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 006C400C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 006C600C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 006C500C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006C900C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006C800C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C300C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C200C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F5000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F5100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916DD6 .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916E47 .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916F75 .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 97, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0070000C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0070100C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0071400C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0070C00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0070E00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0070D00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0071500C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0071300C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0071600C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0071000C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0070F00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0071200C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0071100C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] WS2_32.dll!send 71A54C27 5 Bytes JMP 0070B00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0070A00C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0070700C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0070400C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0070600C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0070500C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0070900C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0070800C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0070300C .text C:\WINDOWS\system32\PnkBstrA.exe[1972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0070200C .text C:\WINDOWS\RTHDCPL.EXE[2160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02D5000C .text C:\WINDOWS\RTHDCPL.EXE[2160] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02D5100C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 068A200C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 02D5A00C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 02D5C00C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 02D5B00C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 068A300C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 068A100C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 068A400C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 02D5E00C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 02D5D00C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 068A000C .text C:\WINDOWS\RTHDCPL.EXE[2160] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 02D5F00C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 02D5700C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 02D5400C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 02D5600C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 02D5500C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 02D5900C .text C:\WINDOWS\RTHDCPL.EXE[2160] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 02D5800C .text C:\WINDOWS\RTHDCPL.EXE[2160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02D5300C .text C:\WINDOWS\RTHDCPL.EXE[2160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02D5200C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0098000C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0098100C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 029A200C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0098A00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0098C00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0098B00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 029A300C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 029A100C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 029A400C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0098E00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0098D00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 029A000C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0098F00C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0098300C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0098200C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0098700C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0098400C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0098600C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0098500C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0098900C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2176] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0098800C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0336000C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0336100C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 0337400C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 0336C00C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 0336E00C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 0336D00C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 0337500C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 0337300C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 0337600C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 0337000C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 0336F00C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 0337200C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 0337100C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 0336700C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 0336400C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 0336600C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 0336500C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 0336900C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0336800C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0336300C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 0336200C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] WS2_32.dll!send 71A54C27 5 Bytes JMP 0336B00C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2320] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0336A00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CC000C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CC100C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00CD400C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00CCC00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00CCE00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00CCD00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00CD500C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00CD300C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00CD600C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00CD000C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00CCF00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00CD200C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00CD100C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00CC700C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00CC400C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00CC600C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00CC500C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00CC900C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00CC800C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CC300C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00CC200C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CCB00C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2348] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00CCA00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F8000C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F8100C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00F9400C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00F8C00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00F8E00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00F8D00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00F9500C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00F9300C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00F9600C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00F9000C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00F8F00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00F9200C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00F9100C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00F8700C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00F8400C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00F8600C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00F8500C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00F8900C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00F8800C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00F8300C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00F8200C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F8B00C .text C:\PROGRA~1\MICROS~4\rapimgr.exe[2476] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00F8A00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE000C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CE100C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00CF400C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!CreateMutexW 7C80E957 5 Bytes JMP 00CEC00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 00CEE00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!OpenMutexA 7C80EABB 5 Bytes JMP 00CED00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 00CF500C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!GetFileSizeEx 7C810F81 5 Bytes JMP 00CF300C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!TerminateThread 7C81D233 5 Bytes JMP 00CF600C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!MoveFileWithProgressW 7C820E56 5 Bytes JMP 00CF000C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!CopyFileExW 7C82925A 5 Bytes JMP 00CEF00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!CreateDirectoryW 7C832DD2 5 Bytes JMP 00CF200C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] kernel32.dll!CreateDirectoryExW 7C85B642 5 Bytes JMP 00CF100C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 00CE700C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00CE400C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 00CE600C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00CE500C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00CE900C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00CE800C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CE300C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00CE200C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CEB00C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2876] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00CEA00C .text E:\Logi\lndp8v3t.exe[5076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B000C .text E:\Logi\lndp8v3t.exe[5076] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003E000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003E100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!sendto 71A52F51 5 Bytes JMP 0C8A300C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!recvfrom 71A52FF7 5 Bytes JMP 0C8A500C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!select 71A530A8 5 Bytes JMP 0C8AE00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 0C8AB00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSAIoctl 71A53EC0 5 Bytes JMP 0C8AF00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!ioctlsocket 71A53F50 5 Bytes JMP 0C8AC00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 0C8AA00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!connect 71A54A07 5 Bytes JMP 0C8A000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!send 71A54C27 5 Bytes JMP 0C8A200C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 0C8A800C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0C8A400C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 0C8A600C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSARecvFrom 71A5F66A 5 Bytes JMP 0C8A900C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSAAsyncSelect 71A60991 5 Bytes JMP 0C8AD00C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSASendTo 71A60AAD 5 Bytes JMP 0C8A700C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0C8A100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5700] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 0C8B000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B4, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D7000C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D7100C .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B7, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B4, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B5, 79, 00] {TEST AL, 0xb5; JNS 0x4} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914FCE .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B6, 79, 00] {TEST AL, 0xb6; JNS 0x4} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B5, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B6, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91503F .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B4, 79, 00] {TEST AL, 0xb4; JNS 0x4} .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91516D .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B5, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B6, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B7, 79, 00] .text C:\Documents and Settings\MiG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[6136] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 89DE51F8 AttachedDevice \Driver\Tcpip \Device\Ip fsnitdi32.sys Device \Driver\PCI_PNP7510 \Device\00000042 spsk.sys Device \Driver\usbuhci \Device\USBPDO-0 89D4C1F8 Device \Driver\usbuhci \Device\USBPDO-1 89D4C1F8 Device \Driver\usbuhci \Device\USBPDO-2 89D4C1F8 Device \Driver\usbuhci \Device\USBPDO-3 89D4C1F8 Device \Driver\usbehci \Device\USBPDO-4 89C5C1F8 AttachedDevice \Driver\Tcpip \Device\Tcp fsnitdi32.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 89E571F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89E571F8 Device \Driver\Cdrom \Device\CdRom0 89C491F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E2EB40] atapi.sys[unknown section] {INT 3 ; PUSH ESP; AND AL, 0x8; LEA ECX, [ESP+0x4]; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E2EB40] atapi.sys[unknown section] {INT 3 ; PUSH ESP; AND AL, 0x8; LEA ECX, [ESP+0x4]; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E2EB40] atapi.sys[unknown section] {INT 3 ; PUSH ESP; AND AL, 0x8; LEA ECX, [ESP+0x4]; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E2EB40] atapi.sys[unknown section] {INT 3 ; PUSH ESP; AND AL, 0x8; LEA ECX, [ESP+0x4]; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 89E571F8 Device \Driver\Cdrom \Device\CdRom1 89C491F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7732C13E-AC23-49BB-A0F7-2AF1B66475B0} 892981F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89E571F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 892981F8 Device \Driver\NetBT \Device\NetbiosSmb 892981F8 AttachedDevice \Driver\Tcpip \Device\Udp fsnitdi32.sys AttachedDevice \Driver\Tcpip \Device\RawIp fsnitdi32.sys Device \Driver\usbstor \Device\0000006a 8924A1F8 Device \Driver\usbstor \Device\0000006b 8924A1F8 Device \Driver\sptd \Device\2438758760 spsk.sys Device \Driver\usbstor \Device\0000006c 8924A1F8 Device \Driver\usbuhci \Device\USBFDO-0 89D4C1F8 Device \Driver\usbstor \Device\0000006d 8924A1F8 Device \Driver\usbuhci \Device\USBFDO-1 89D4C1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892773C8 Device \Driver\usbstor \Device\0000006e 8924A1F8 Device \Driver\usbuhci \Device\USBFDO-2 89D4C1F8 Device \Driver\usbuhci \Device\USBFDO-3 89D4C1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 892773C8 Device \Driver\Ftdisk \Device\FtControl 89E571F8 Device \Driver\usbehci \Device\USBFDO-4 89C5C1F8 Device \Driver\ax5g2oqd \Device\Scsi\ax5g2oqd1Port2Path0Target0Lun0 89C451F8 Device \Driver\ax5g2oqd \Device\Scsi\ax5g2oqd1 89C451F8 Device \FileSystem\Cdfs \Cdfs 89106500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x89711939]<< 89711939 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d15ab8] 89d15ab8 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x89d5c9e8] 89d5c9e8 Trace 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d40940] 89d40940 ---- Threads - GMER 2.1 ---- Thread System [4:588] 892010F4 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x54 0x40 0xB6 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xF0 0xBB 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0x60 0x1F 0xBA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x54 0x40 0xB6 0x08 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xF0 0xBB 0xCA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9B 0x60 0x1F 0xBA ... ---- EOF - GMER 2.1 ----