GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-23 22:10:52
Windows 5.1.2600 Dodatek Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD800JD-60LSA0 rev.07.01D07 74,53GB
Running: rl52px4j.exe; Driver: C:\DOCUME~1\ppp\USTAWI~1\Temp\awtcrfow.sys

---- System - GMER 2.1 ----

SSDT 85C25808 ZwAlertResumeThread
SSDT 85C5DF90 ZwAlertThread
SSDT 85CAFD78 ZwAllocateVirtualMemory
SSDT 86681480 ZwAssignProcessToJobObject
SSDT 86684C50 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xF5768ED0]
SSDT 85C897D8 ZwCreateMutant
SSDT 86771D18 ZwCreateSymbolicLinkObject
SSDT 86650CD0 ZwCreateThread
SSDT 86681520 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xF5769150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xF5769810]
SSDT 865A5CE8 ZwDuplicateObject
SSDT 85DFB730 ZwFreeVirtualMemory
SSDT 865C4CD8 ZwImpersonateAnonymousToken
SSDT 85C25728 ZwImpersonateThread
SSDT 866811F8 ZwLoadDriver
SSDT 86698F00 ZwMapViewOfSection
SSDT 85D5BFD0 ZwOpenEvent
SSDT 85C7CAB8 ZwOpenProcess
SSDT 85CC2D40 ZwOpenProcessToken
SSDT 86668520 ZwOpenSection
SSDT 865A5DB8 ZwOpenThread
SSDT 866E6AF0 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xF5769D70]
SSDT 85C50D40 ZwResumeThread
SSDT 85E3AD88 ZwSetContextThread
SSDT 865B9B98 ZwSetInformationProcess
SSDT 862AB588 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xF5769A90]
SSDT 85D5BEF0 ZwSuspendProcess
SSDT 85C83668 ZwSuspendThread
SSDT 85C48D58 ZwTerminateProcess
SSDT 85C83728 ZwTerminateThread
SSDT 865D3638 ZwUnmapViewOfSection
SSDT 85D6A9A8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 80503844 4 Bytes CALL 98D692A5
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6DDF360, 0x24BBAD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[324] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[392] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003C0048
.text C:\WINDOWS\system32\nvsvc32.exe[512] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003A004C
.text C:\WINDOWS\system32\nvsvc32.exe[512] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003C084A
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003C020E
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003C012A
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003C0682
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003C059E
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003C03D6
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003C02F2
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003C04BA
.text C:\WINDOWS\system32\nvsvc32.exe[512] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003C0766
.text C:\WINDOWS\System32\svchost.exe[584] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text ...
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003D0048
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003B004C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003D084A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003D020E
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003D012A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003D0682
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003D059E
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003D03D6
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003D02F2
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003D04BA
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1164] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003D0766
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\Explorer.EXE[1368] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\spoolsv.exe[1580] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003D0048
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003B004C
.text C:\Program Files\VDOTool\TBPanel.exe[1788] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003D084A
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003D020E
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003D012A
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003D0682
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003D059E
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003D03D6
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003D02F2
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003D04BA
.text C:\Program Files\VDOTool\TBPanel.exe[1788] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003D0766
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 00610048
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 004F004C
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 00610A0E
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 0061020E
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 0061012A
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 00610682
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 0061059E
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 006103D6
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 006102F2
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 006104BA
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[1804] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 00610766
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 005A0048
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 0048004C
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 005A0A0E
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 005A020E
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 005A012A
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 005A0682
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 005A059E
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 005A03D6
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 005A02F2
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 005A04BA
.text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[1812] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 005A0766
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003C0048
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003A004C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003C084A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003C020E
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003C012A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003C0682
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003C059E
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003C03D6
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003C02F2
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003C04BA
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1840] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003C0766
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003D0048
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003B004C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003D020E
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003D012A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003D0682
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003D059E
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003D03D6
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003D02F2
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003D04BA
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003D0766
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1876] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003D0A0E
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003C0048
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003A004C
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003C020E
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003C012A
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003C0682
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003C059E
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003C03D6
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003C02F2
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003C04BA
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003C0766
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 00A44760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\CardDetector\ICON225\CardDetector.exe[1912] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003C084A
.text C:\WINDOWS\system32\ctfmon.exe[1924] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Messenger\msmsgs.exe[1956] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003D0048
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003B004C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003D020E
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003D012A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003D0682
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003D059E
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003D03D6
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003D02F2
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003D04BA
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003D0766
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2032] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003D084A
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 003D0048
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 003B004C
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003D020E
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 003D012A
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 003D0682
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 003D059E
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003D03D6
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003D02F2
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003D04BA
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 003D0766
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Documents and Settings\ppp\Moje dokumenty\Pobieranie\rl52px4j.exe[3664] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 003D084A
.text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 00350048
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 0033004C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 109DECBA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 109DEC49 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 107FC6FD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 0035084A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 107FCCF3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 0035020E
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 0035012A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 00350682
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 0035059E
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003503D6
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003502F2
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 003504BA
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3772] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 00350766
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtMapViewOfSection 7C90DC55 5 Bytes JMP 00310048
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtTerminateThread 7C90E8A3 5 Bytes JMP 002F004C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01B4F140 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 0216FDF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 0216FDD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01B52942 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!DeviceEventWorker + 178 77D79E68 7 Bytes JMP 0031012A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 0216FD53 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!OpenSCManagerW + A3 77DD6160 7 Bytes JMP 003102F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!StartServiceCtrlDispatcherW + 153 77DDB630 7 Bytes JMP 0031020C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!SystemFunction025 + 8D 77DDB887 7 Bytes JMP 00310764
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26CC4 7 Bytes JMP 00310680
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26E5C 7 Bytes JMP 003104B8
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2706C 7 Bytes JMP 003103D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateServiceA + 193 77E27204 7 Bytes JMP 0031059C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateServiceW + 103 77E2730C 7 Bytes JMP 00310848

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\svchost.exe[392] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[392] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[392] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[392] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[472] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[472] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[472] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[472] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[632] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] [1000E360] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtEnumerateKey] [1000DFA0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteKey] [1000E310] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetInformationFile] [1000A560] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryInformationFile] [10009AB0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteFile] [1000A510] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryKey] [10009A70] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[676] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[904] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1036] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1036] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1036] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1036] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1340] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1340] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1340] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1340] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[1368] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[1368] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[1368] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[1368] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA]
[1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- EOF - GMER 2.1 ----