GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-20 13:45:22
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 MAXTOR_STM3160811AS rev.3.AAE 149,05GB
Running: d5t41r4g.exe; Driver: C:\DOCUME~1\Corri\USTAWI~1\Temp\fwacqaod.sys

---- System - GMER 2.1 ----

SSDT 8A3CF2F0 ZwAlertResumeThread
SSDT 8A41A518 ZwAlertThread
SSDT 8A435128 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort [0xB451BFC0]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile [0xB4518C80]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey [0xB4533170]
SSDT 8A3C92E8 ZwCreateMutant
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort [0xB451C580]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess [0xB4530900]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx [0xB4530B10]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection [0xB4534B10]
SSDT 8A62CF18 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort [0xB451C670]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile [0xB4519210]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey [0xB45339F0]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey [0xB45337A0]
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject [0xB4530280]
SSDT 8A3BA848 ZwFreeVirtualMemory
SSDT 8A337688 ZwImpersonateAnonymousToken
SSDT 8A3D1338 ZwImpersonateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey [0xB4533F10]
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey2 [0xB4533F90]
SSDT 8A39E0F8 ZwMapViewOfSection
SSDT 8A3E4518 ZwOpenEvent
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile [0xB4519070]
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess [0xB4532180]
SSDT 8A3318C0 ZwOpenProcessToken
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread [0xB4531F40]
SSDT 8A4190B0 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0xB821D840]
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey [0xB45346F0]
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey [0xB4534150]
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort [0xB451BBE0]
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey [0xB4534540]
SSDT 8A439C30 ZwResumeThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort [0xB451C190]
SSDT 8A348548 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile [0xB4519440]
SSDT 8A3F09F8 ZwSetInformationProcess
SSDT 8A368BC0 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey [0xB45334E0]
SSDT 8A3D4DC8 ZwSuspendProcess
SSDT 8A428D20 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSystemDebugControl [0xB4531200]
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess [0xB4531080]
SSDT 8A369738 ZwTerminateThread
SSDT 8A34F898 ZwUnmapViewOfSection
SSDT 8A347CB8 ZwWriteVirtualMemory

INT 0x62 ? 8A6D6CC8
INT 0x63 ? 8A6D6CC8
INT 0x63 ? 8A6D6CC8
INT 0x63 ? 8A39FF00
INT 0x63 ? 8A39FF00
INT 0x63 ? 8A6D6CC8
INT 0x74 ? 8A39FF00
INT 0x82 ? 8A6D6CC8
INT 0x94 ? 8A39FF00

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2410 80501C38 4 Bytes [E8, 92, 3C, 8A]
.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [80, C5, 51, B4, 00, 09, 53, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F80 12 Bytes [C8, 4D, 3D, 8A, 20, 8D, 42, ...]
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F8D346]
? srescan.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB722B3C0, 0x74AA7A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C76390
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C76640
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C753D0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C75300
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C711C0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C71290
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C72570
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C71000
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C710A0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C72510
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C71D10
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C77250
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00C72160
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00C720A0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[200] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00C723A0
.text C:\WINDOWS\RTHDCPL.EXE[224] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 04866390
.text
C:\WINDOWS\RTHDCPL.EXE[224] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 04866640 .text C:\WINDOWS\RTHDCPL.EXE[224] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 048653D0 .text C:\WINDOWS\RTHDCPL.EXE[224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 04865300 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 048611C0 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 04861290 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 04862570 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 04861000 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 048610A0 .text C:\WINDOWS\RTHDCPL.EXE[224] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 04862510 .text C:\WINDOWS\RTHDCPL.EXE[224] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04861D10 .text C:\WINDOWS\RTHDCPL.EXE[224] WS2_32.dll!send 71A54C27 5 Bytes JMP 04867250 .text C:\WINDOWS\RTHDCPL.EXE[224] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 04862160 .text C:\WINDOWS\RTHDCPL.EXE[224] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 048620A0 .text C:\WINDOWS\RTHDCPL.EXE[224] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 048623A0 .text C:\WINDOWS\system32\ctfmon.exe[824] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A66390 .text C:\WINDOWS\system32\ctfmon.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A66640 .text C:\WINDOWS\system32\ctfmon.exe[824] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A653D0 .text C:\WINDOWS\system32\ctfmon.exe[824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A65300 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A611C0 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A61290 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A62570 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!CopyFileA 7C8286D6 5 
Bytes JMP 00A61000 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A610A0 .text C:\WINDOWS\system32\ctfmon.exe[824] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A62510 .text C:\WINDOWS\system32\ctfmon.exe[824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A61D10 .text C:\WINDOWS\system32\ctfmon.exe[824] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A67250 .text C:\WINDOWS\system32\ctfmon.exe[824] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A62160 .text C:\WINDOWS\system32\ctfmon.exe[824] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A620A0 .text C:\WINDOWS\system32\ctfmon.exe[824] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A623A0 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02306390 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02306640 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 023053D0 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02305300 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023011C0 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02301290 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02302570 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02301000 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 023010A0 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02302510 .text C:\Program Files\Common Files\Symantec 
Shared\ccSvcHst.exe[848] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02301D10 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ws2_32.dll!send 71A54C27 3 Bytes JMP 02307250 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] ws2_32.dll!send + 4 71A54C2B 1 Byte [90] .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02302160 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 023020A0 .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[848] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 023023A0 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text 
C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe[880] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011E6390 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011E6640 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011E53D0 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011E5300 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 011E11C0 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011E1290 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 011E2570 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011E1000 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 011E10A0 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011E2510 .text C:\WINDOWS\system32\csrss.exe[908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011E1D10 .text C:\WINDOWS\system32\csrss.exe[908] WS2_32.dll!send 71A54C27 5 Bytes JMP 011E7250 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011E2160 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011E20A0 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011E23A0 .text C:\WINDOWS\system32\winlogon.exe[932] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 
Bytes JMP 01A06390 .text C:\WINDOWS\system32\winlogon.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01A06640 .text C:\WINDOWS\system32\winlogon.exe[932] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01A053D0 .text C:\WINDOWS\system32\winlogon.exe[932] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01A05300 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A011C0 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01A01290 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01A02570 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01A01000 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01A010A0 .text C:\WINDOWS\system32\winlogon.exe[932] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01A02510 .text C:\WINDOWS\system32\winlogon.exe[932] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A01D10 .text C:\WINDOWS\system32\winlogon.exe[932] WS2_32.dll!send 71A54C27 5 Bytes JMP 01A07250 .text C:\WINDOWS\system32\winlogon.exe[932] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01A02160 .text C:\WINDOWS\system32\winlogon.exe[932] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01A020A0 .text C:\WINDOWS\system32\winlogon.exe[932] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01A023A0 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 010A6390 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 010A6640 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010A53D0 .text C:\WINDOWS\system32\services.exe[976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 010A5300 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A11C0 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 
010A1290 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 010A2570 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 010A1000 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010A10A0 .text C:\WINDOWS\system32\services.exe[976] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 010A2510 .text C:\WINDOWS\system32\services.exe[976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 010A1D10 .text C:\WINDOWS\system32\services.exe[976] WS2_32.dll!send 71A54C27 5 Bytes JMP 010A7250 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 010A2160 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 010A20A0 .text C:\WINDOWS\system32\services.exe[976] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 010A23A0 .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BE6390 .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BE6640 .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BE53D0 .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BE5300 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE11C0 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BE1290 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BE2570 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00BE1000 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BE10A0 .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BE2510 .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BE1D10 .text 
C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BE7250 .text C:\WINDOWS\system32\svchost.exe[1140] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00BE2160 .text C:\WINDOWS\system32\svchost.exe[1140] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00BE20A0 .text C:\WINDOWS\system32\svchost.exe[1140] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00BE23A0 .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00CE6390 .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00CE6640 .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00CE53D0 .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00CE5300 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE11C0 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CE1290 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00CE2570 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00CE1000 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00CE10A0 .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00CE2510 .text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CE1D10 .text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CE7250 .text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00CE2160 .text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00CE20A0 .text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00CE23A0 .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02816390 .text 
C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02816640 .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 028153D0 .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02815300 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028111C0 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02811290 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02812570 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02811000 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 028110A0 .text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02812510 .text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02811D10 .text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!send 71A54C27 5 Bytes JMP 02817250 .text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02812160 .text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 028120A0 .text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 028123A0 .text C:\WINDOWS\system32\wscntfy.exe[1424] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wscntfy.exe[1424] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wscntfy.exe[1424] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wscntfy.exe[1424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text 
C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[1424] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wscntfy.exe[1424] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wscntfy.exe[1424] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wscntfy.exe[1424] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wscntfy.exe[1424] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wscntfy.exe[1424] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01326390 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01326640 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013253D0 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01325300 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013211C0 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01321290 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01322570 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01321000 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013210A0 .text 
C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01322510 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01321D10 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] ws2_32.dll!send 71A54C27 5 Bytes JMP 01327250 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01322160 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 013220A0 .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1480] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 013223A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 041C6390 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 041C6640 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 041C53D0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 041C5300 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 041C11C0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 041C1290 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 041C2570 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 041C1000 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 041C10A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] 
kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 041C2510 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 041C1D10 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] WS2_32.dll!send 71A54C27 5 Bytes JMP 041C7250 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 041C2160 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 041C20A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1560] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 041C23A0 .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E16390 .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E16640 .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E153D0 .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E15300 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E111C0 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E11290 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E12570 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E11000 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E110A0 .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E12510 .text C:\WINDOWS\system32\spoolsv.exe[1628] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11D10 .text C:\WINDOWS\system32\spoolsv.exe[1628] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E17250 .text C:\WINDOWS\system32\spoolsv.exe[1628] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E12160 .text 
C:\WINDOWS\system32\spoolsv.exe[1628] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E120A0 .text C:\WINDOWS\system32\spoolsv.exe[1628] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00E123A0 .text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 019C6390 .text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 019C6640 .text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 019C53D0 .text C:\WINDOWS\Explorer.EXE[1692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 019C5300 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019C11C0 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 019C1290 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 019C2570 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 019C1000 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 019C10A0 .text C:\WINDOWS\Explorer.EXE[1692] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 019C2510 .text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 019C2160 .text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 019C20A0 .text C:\WINDOWS\Explorer.EXE[1692] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 019C23A0 .text C:\WINDOWS\Explorer.EXE[1692] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 019C1D10 .text C:\WINDOWS\Explorer.EXE[1692] WS2_32.dll!send 71A54C27 5 Bytes JMP 019C7250 .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007F6390 .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007F6640 .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007F53D0 .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007F5300 .text 
C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F11C0 .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007F1290 .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007F2570 .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007F1000 .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007F10A0 .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007F2510 .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007F1D10 .text C:\WINDOWS\system32\svchost.exe[1776] WS2_32.dll!send 71A54C27 5 Bytes JMP 007F7250 .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007F2160 .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007F20A0 .text C:\WINDOWS\system32\svchost.exe[1776] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007F23A0 .text C:\WINDOWS\System32\alg.exe[1844] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[1844] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[1844] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[1844] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[1844] kernel32.dll!MoveFileA 
7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[1844] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[1844] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[1844] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\alg.exe[1844] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[1844] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00CC6390 .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00CC6640 .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00CC53D0 .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00CC5300 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC11C0 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC1290 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00CC2570 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00CC1000 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00CC10A0 .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00CC2510 .text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CC1D10 .text C:\WINDOWS\system32\svchost.exe[1876] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CC7250 .text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00CC2160 .text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00CC20A0 .text C:\WINDOWS\system32\svchost.exe[1876] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00CC23A0 
.text C:\WINDOWS\system32\RunDLL32.exe[1908] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 017C6390 .text C:\WINDOWS\system32\RunDLL32.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 017C6640 .text C:\WINDOWS\system32\RunDLL32.exe[1908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 017C53D0 .text C:\WINDOWS\system32\RunDLL32.exe[1908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 017C5300 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017C11C0 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 017C1290 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 017C2570 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 017C1000 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 017C10A0 .text C:\WINDOWS\system32\RunDLL32.exe[1908] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 017C2510 .text C:\WINDOWS\system32\RunDLL32.exe[1908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 017C1D10 .text C:\WINDOWS\system32\RunDLL32.exe[1908] WS2_32.dll!send 71A54C27 5 Bytes JMP 017C7250 .text C:\WINDOWS\system32\RunDLL32.exe[1908] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 017C2160 .text C:\WINDOWS\system32\RunDLL32.exe[1908] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 017C20A0 .text C:\WINDOWS\system32\RunDLL32.exe[1908] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 017C23A0 .text C:\WINDOWS\system32\nvsvc32.exe[2120] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011F6390 .text C:\WINDOWS\system32\nvsvc32.exe[2120] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011F6640 .text C:\WINDOWS\system32\nvsvc32.exe[2120] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011F53D0 .text C:\WINDOWS\system32\nvsvc32.exe[2120] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011F5300 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 
011F11C0 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011F1290 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 011F2570 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011F1000 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011F10A0 .text C:\WINDOWS\system32\nvsvc32.exe[2120] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011F2510 .text C:\WINDOWS\system32\nvsvc32.exe[2120] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011F1D10 .text C:\WINDOWS\system32\nvsvc32.exe[2120] WS2_32.dll!send 71A54C27 5 Bytes JMP 011F7250 .text C:\WINDOWS\system32\nvsvc32.exe[2120] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011F2160 .text C:\WINDOWS\system32\nvsvc32.exe[2120] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011F20A0 .text C:\WINDOWS\system32\nvsvc32.exe[2120] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011F23A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00966390 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00966640 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009653D0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00965300 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009611C0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00961290 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00962570 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update 
Core\daemonu.exe[2228] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00961000 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009610A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00962510 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00961D10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] WS2_32.dll!send 71A54C27 5 Bytes JMP 00967250 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00962160 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 009620A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2228] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 009623A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A46390 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A46640 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A453D0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A45300 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A411C0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A41290 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A42570 .text C:\Program Files\Symantec\Symantec 
Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A41000 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A410A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A42510 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A41D10 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A47250 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A42160 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A420A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2568] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A423A0 .text C:\WINDOWS\system32\wuauclt.exe[3208] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\wuauclt.exe[3208] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\wuauclt.exe[3208] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\wuauclt.exe[3208] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\wuauclt.exe[3208] kernel32.dll!MoveFileA 7C835EA7 5 
Bytes JMP 000B2510 .text C:\WINDOWS\system32\wuauclt.exe[3208] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\wuauclt.exe[3208] WS2_32.dll!send 71A54C27 5 Bytes JMP 000B7250 .text C:\WINDOWS\system32\wuauclt.exe[3208] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000B2160 .text C:\WINDOWS\system32\wuauclt.exe[3208] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\wuauclt.exe[3208] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000B23A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program 
Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3384] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A6D51F8 Device \Driver\Tcpip \Device\Ip vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS Device \Driver\usbuhci \Device\USBPDO-0 8A419430 Device \Driver\usbuhci \Device\USBPDO-1 8A419430 Device \Driver\usbuhci \Device\USBPDO-2 8A419430 Device \Driver\usbuhci \Device\USBPDO-3 8A419430 Device \Driver\usbehci \Device\USBPDO-4 8A3B7430 Device \Driver\NetBT \Device\NetBT_Tcpip_{82C0FDFA-F3D0-440C-978E-5AF7E60C399E} 8A521430 Device \Driver\Tcpip \Device\Tcp vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS Device \Driver\Cdrom \Device\CdRom0 8A4091F8 Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 
[B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8A521430 Device \Driver\NetBT \Device\NetbiosSmb 8A521430 Device \Driver\Tcpip \Device\Udp vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS Device \Driver\Tcpip \Device\RawIp vsdatant.sys AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS Device \Driver\usbuhci \Device\USBFDO-0 8A419430 Device \Driver\usbuhci \Device\USBFDO-1 8A419430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A412430 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys Device \Driver\usbuhci \Device\USBFDO-2 8A419430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A412430 Device \Driver\usbuhci \Device\USBFDO-3 8A419430 Device \Driver\usbehci \Device\USBFDO-4 8A3B7430 Device \FileSystem\Cdfs \Cdfs 8989A1F8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Control\Video\{04C743A6-5B9D-4A8B-93F2-8635E8437F06}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{0B921C92-D2A7-453A-A077-2509FA27573F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{1CEBADBB-3E19-48F6-8C9E-086C2D394BFE}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{1F74C15B-9431-4C9C-978A-84A00877FFA2}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{04C743A6-5B9D-4A8B-93F2-8635E8437F06}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{0B921C92-D2A7-453A-A077-2509FA27573F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{1CEBADBB-3E19-48F6-8C9E-086C2D394BFE}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{1F74C15B-9431-4C9C-978A-84A00877FFA2}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{04C743A6-5B9D-4A8B-93F2-8635E8437F06}\0000@D3D_\x3332\x3331 2089309684 Reg 
HKLM\SYSTEM\ControlSet004\Control\Video\{0B921C92-D2A7-453A-A077-2509FA27573F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{1CEBADBB-3E19-48F6-8C9E-086C2D394BFE}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{1F74C15B-9431-4C9C-978A-84A00877FFA2}\0000@D3D_\x3332\x3331 2089309684 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Xcmgmd C:\Documents and Settings\Corri\Dane aplikacji\Xcmgmd.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Corri\Dane aplikacji\Xcmgmd.exe Xcmgmd Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31249 Przesy?a kopie zaznaczonych element?w do publicznej strony sieci Web, udost?pniaj?c je w ten spos?b innym osobom. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-12695 Zawiera pliki i foldery wsp??u?ytkowane przez u?ytkownik?w tego komputera. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll,-20003 Internetowe ustawienia komunikacyjne Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31371 Wysy?a wiadomo?? e-mail z kopiami zaznaczonych plik?w lub plik?w wewn?trz zaznaczonego folderu. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31316 Uruchamia Kreatora drukowania fotografii, kt?ry pomaga w formatowaniu i drukowaniu obraz?w cyfrowych. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31314 Uruchamia Kreatora zamawiania odbitek online, kt?ry pomaga w zamawianiu odbitek obraz?w cyfrowych. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31288 Rozmieszcza wszystkie obrazy z tego folderu w formie pokazu slajd?w. 
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Windows Media Player\wmplayer.exe Windows Media Player Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31276 Zadania muzyki Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31278 Odtw?rz wszystko Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp3res.dll,-3000 Zakupy muzyki w trybie online Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31279 Odtw?rz zaznaczenie Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31372 Kopiuj do dysku CD audio Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-22912 Pokazuje skr?ty do witryn sieci Web, komputer?w sieciowych i witryn FTP. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31277 Te zadania dotycz? zaznaczonych plik?w i folder?w muzycznych. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30498 Pliki i foldery Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30506 Zapami?taj ustawienia wy?wietlania ka?dego folderu Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30497 Poka? Panel sterowania w oknie M?j komputer Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30507 Uruchom okna folder?w w osobnych procesach Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30517 Nie buforuj miniatur Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30514 Wy?wietl informacje o rozmiarze plik?w w etykietkach folder?w Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30511 Wy?wietl list? 
folder?w Eksploratora w prostym widoku folder?w Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30499 Ukryte pliki i foldery Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30501 Nie pokazuj ukrytych plik?w i folder?w Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30500 Poka? ukryte pliki i foldery Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30503 Ukryj rozszerzenia znanych typ?w plik?w Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30509 Automatycznie wyszukuj foldery sieciowe i drukarki Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30513 Przywr?? poprzednie okna folder?w po zalogowaniu Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30512 Poka? zaszyfrowane lub skompresowane pliki NTFS w kolorze Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30504 Wy?wietl pe?n? ?cie?k? na pasku tytu?u Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30505 Wy?wietl pe?n? ?cie?k? na pasku adresu Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30502 Poka? podr?czny opis element?w folder?w i pulpitu Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30508 Ukryj chronione pliki systemu operacyjnego (zalecane) Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-30510 Wy?wietl zawarto?? 
folder?w systemowych Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31390 Drukuj ten obraz Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31289 Ustaw jako t?o pulpitu Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31352 Kopiuj na dysk CD Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31315 Drukuj wybrane obrazy Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@sendmail.dll,-4 Adresat poczty Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@zipfldr.dll,-10148 Folder skompresowany (zip) Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@sendmail.dll,-21 Pulpit (utw?rz skr?t) Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12589 Pliki znajduj?ce si? aktualnie na dysku CD Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12590 Pliki gotowe do zapisania na dysku CD Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31295 Wy?wietla informacje o tym komputerze, takie jak szybko?? procesora i ilo?? zainstalowanej pami?ci. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31328 Zawiera kroki niezb?dne do dodania nowego programu lub zmiany albo usuni?cia programu istniej?cego. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31361 Zapewnia opcje umo?liwiaj?ce dostosowanie wygl?du i funkcjonalno?ci tego komputera. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31329 Zadania Kosza Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Corri\Pulpit\Flash_Disinfector.exe Flash_Disinfector Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\Corri\USTAWI~1\Temp\nircmd.exe NirCmd Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\taskmgr.exe Mened?er zada? 
systemu Windows Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe Symantec CMC SmcGui Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\Network Diagnostic\xpnetdiag.exe Network Diagnostic for Windows XP Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Corri\Pulpit\Avast_Free_Antivirus_instalator_sciagnij.exe Avast_Free_Antivirus_instalator_sciagnij Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Opera\updatechecker\opera_autoupdate.exe opera_autoupdate Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-10078 Wybiera programy domy?lne dla pewnych czynno?ci, takich jak przegl?danie sieci Web lub wysy?anie poczty e-mail i okre?la, kt?re programy s? dost?pne w menu Start, na pulpicie i w innych lokalizacjach. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe SCSI Pass Through Direct setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\CCleaner\CCleaner.exe CCleaner Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-31361 Zapewnia opcje umo?liwiaj?ce dostosowanie wygl?du i funkcjonalno?ci tego komputera. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\Corri\USTAWI~1\Temp\~nsu.tmp\Au_.exe DAEMON Tools Lite Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Corri\Pulpit\d5t41r4g.exe d5t41r4g ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Corri\Dane aplikacji\Xcmgmd.exe 149284 bytes executable ---- EOF - GMER 2.1 ----