ungibungi | 30.06.2012 14:40 | GMER.log
GMER Logfile:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2012-06-26 15:09:46
Windows 5.1.2600 Service Pack 3
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[144] ntdll.dll!NtCreateThread 7C91D1AE 6 Bytes PUSH 0325E73E; RET
.text C:\WINDOWS\Explorer.EXE[144] ntdll.dll!LdrLoadDll + 1 7C92632E 5 Bytes [19, E9, 25, 03, C3]
.text C:\WINDOWS\Explorer.EXE[144] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0325EB82; RET
.text C:\WINDOWS\Explorer.EXE[144] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0325EB41; RET
.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 1 Byte [68]
.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 0325EBFF; RET
.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 6 Bytes CALL 3AE132D8
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0325C373; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 0325C2F5; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0325369D; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 0325C334; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0325830C; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0325835C; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0325826D; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 03259042; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 032590DC; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 03258CD0; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 03258D20; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 03258DCA; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 03258334; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0325912E; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 03258D3E; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!BeginPaint 7E378FE9 6 Bytes JMP C30325C1
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 0325C25A; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0325813F; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0325810D; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 03258F74; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 03258387; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0325C3B3; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 03258FBD; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 03258D84; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 032581C3; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0325821D; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 0325C29A; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0325908F; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0325C446; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 03258E56; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes CALL 413B2FDA C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 03253813; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 03258E10; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 03258E9F; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 03258F2E; RET
.text C:\WINDOWS\Explorer.EXE[144] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 03258186; RET
.text C:\WINDOWS\Explorer.EXE[144] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 03253AEB; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 0325DD1E; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 0325DE51; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 0325DCB1; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 0325DE25; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 0325D9F9; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 0325DA37; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 0325D9BB; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 0325DA8C; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 0325DD4C; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 0325DDCB; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 0325DB7E; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 0325DAE1; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 0325DC1B; RET
.text C:\WINDOWS\Explorer.EXE[144] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 0325DC66; RET
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 03255213; RET
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 03255602; RET
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!send 71A14C27 6 Bytes PUSH 0325563A; RET
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 032551A3; RET
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 0325565B; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ntdll.dll!NtCreateThread 7C91D1AE 4 Bytes [68, F3, 83, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ntdll.dll!NtCreateThread + 5 7C91D1B3 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ntdll.dll!LdrLoadDll + 1 7C92632E 3 Bytes [CE, 85, 18] {INTO ; TEST [EAX], EBX}
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ntdll.dll!LdrLoadDll + 5 7C926332 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00188837; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001887F6; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00180D0F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetDC 7E3686C7 1 Byte [68]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 91, 0C, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0018199A; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, D0, 0C, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0018EF3A; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0018EF8A; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0018EE9B; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00185933; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 001859CD; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, C1, 55, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 11, 56, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 001856BB; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 0018EF62; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00185A1F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0018562F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 86, 0B, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, F6, 0B, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0018ED6D; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0018ED3B; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00185865; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 0018EFB5; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00180D4F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 001858AE; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00185675; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, F1, ED, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0018EE4B; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 36, 0C, 18]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3]
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00185980; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00180DE2; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00185747; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 001857D9; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00181B10; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00185701; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00185790; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0018581F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0018EDB4; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 001888B4; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 6 Bytes PUSH 0018889D; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 001867BD; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 00186BAC; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WS2_32.dll!send 71A14C27 6 Bytes PUSH 00186BE4; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 0018674D; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 00186C05; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 00186604; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 0018351C; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 0018364F; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 001834AF; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 00183623; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 001831F7; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 00183235; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 001831B9; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 0018328A; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 0018354A; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 001835C9; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 0018337C; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 001832DF; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 00183419; RET
.text C:\DOKUME~1\UNGI\LOKALE~1\Temp\Rar$EX14.125\gmer.exe[1192] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 00183464; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] ntdll.dll!NtCreateThread 7C91D1AE 6 Bytes PUSH 01ACE73E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] ntdll.dll!LdrLoadDll + 1 7C92632E 5 Bytes [19, E9, AC, 01, C3] {SBB ECX, EBP; LODSB ; ADD EBX, EAX}
.text D:\Programme\WinRAR\WinRAR.exe[1340] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 01ACEB82; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 01ACEB41; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] ADVAPI32.DLL!CreateProcessAsUserW 77DBA8A9 1 Byte [68]
.text D:\Programme\WinRAR\WinRAR.exe[1340] ADVAPI32.DLL!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 01ACEBFF; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] ADVAPI32.DLL!CreateProcessAsUserA 77DE0CE8 6 Bytes CALL 3ADFB9D8
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01ACC373; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01ACC2F5; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 01AC369D; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01ACC334; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01AC830C; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01AC835C; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01AC826D; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01AC9042; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01AC90DC; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 01AC8CD0; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 01AC8D20; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 01AC8DCA; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01AC8334; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 01AC912E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 01AC8D3E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!BeginPaint 7E378FE9 6 Bytes JMP C301ACC1
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01ACC25A; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01AC813F; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01AC810D; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 01AC8F74; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01AC8387; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01ACC3B3; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 01AC8FBD; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 01AC8D84; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 01AC81C3; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01AC821D; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01ACC29A; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 01AC908F; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01ACC446; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 01AC8E56; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes CALL 4139B6DA C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 01AC3813; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 01AC8E10; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 01AC8E9F; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 01AC8F2E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01AC8186; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 01AC5213; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 01AC5602; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WS2_32.dll!send 71A14C27 6 Bytes PUSH 01AC563A; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 01AC51A3; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 01AC565B; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 01AC3AEB; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 01ACDD1E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 01ACDE51; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 01ACDCB1; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 01ACDE25; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 01ACD9F9; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 01ACDA37; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 01ACD9BB; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 01ACDA8C; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 01ACDD4C; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 01ACDDCB; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 01ACDB7E; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 01ACDAE1; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 01ACDC1B; RET
.text D:\Programme\WinRAR\WinRAR.exe[1340] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 01ACDC66; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] ntdll.dll!NtCreateThread 7C91D1AE 6 Bytes PUSH 0129E73E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] ntdll.dll!LdrLoadDll + 1 7C92632E 5 Bytes [19, E9, 29, 01, C3] {SBB ECX, EBP; SUB [ECX], EAX; RET }
.text C:\Programme\Elantech\ETDCtrl.exe[1516] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0129EB82; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0129EB41; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 1 Byte [68]
.text C:\Programme\Elantech\ETDCtrl.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 0129EBFF; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 6 Bytes CALL 3ADF36D8
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0129C373; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 0129C2F5; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0129369D; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 0129C334; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0129830C; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0129835C; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0129826D; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01299042; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 012990DC; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 01298CD0; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 01298D20; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 01298DCA; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01298334; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0129912E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 01298D3E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!BeginPaint 7E378FE9 6 Bytes JMP C30129C1
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 0129C25A; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0129813F; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0129810D; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 01298F74; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01298387; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0129C3B3; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 01298FBD; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 01298D84; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 012981C3; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0129821D; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 0129C29A; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0129908F; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0129C446; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 01298E56; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes CALL 413933DA
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 01293813; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 01298E10; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 01298E9F; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 01298F2E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01298186; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 01295213; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 01295602; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WS2_32.dll!send 71A14C27 6 Bytes PUSH 0129563A; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 012951A3; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 0129565B; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 01293AEB; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 0129DD1E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 0129DE51; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 0129DCB1; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 0129DE25; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 0129D9F9; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 0129DA37; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 0129D9BB; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 0129DA8C; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 0129DD4C; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 0129DDCB; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 0129DB7E; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 0129DAE1; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 0129DC1B; RET
.text C:\Programme\Elantech\ETDCtrl.exe[1516] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 0129DC66; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] ntdll.dll!NtCreateThread 7C91D1AE 4 Bytes [68, 3E, E7, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] ntdll.dll!NtCreateThread + 5 7C91D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] ntdll.dll!LdrLoadDll + 1 7C92632E 3 Bytes JMP FD5563E7
.text C:\WINDOWS\system32\wscntfy.exe[1976] ntdll.dll!LdrLoadDll + 5 7C926332 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B4EB82; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B4EB41; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00B4C373; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F5, C2, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00B4369D; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 34, C3, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00B4830C; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00B4835C; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00B4826D; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00B49042; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00B490DC; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, D0, 8C, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 20, 8D, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00B48DCA; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00B48334; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00B4912E; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00B48D3E; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!BeginPaint 7E378FE9 4 Bytes JMP C300B4C1
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 5A, C2, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00B4813F; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00B4810D; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00B48F74; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00B48387; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00B4C3B3; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00B48FBD; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00B48D84; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, C3, 81, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00B4821D; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 9A, C2, B4]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3]
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00B4908F; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00B4C446; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00B48E56; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes CALL 4138BEDA
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00B43813; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00B48E10; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00B48E9F; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00B48F2E; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00B48186; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 1 Byte [68]
.text C:\WINDOWS\system32\wscntfy.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 00B4EBFF; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 6 Bytes CALL 3ADEC1D8
.text C:\WINDOWS\system32\wscntfy.exe[1976] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 00B45213; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 00B45602; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WS2_32.dll!send 71A14C27 6 Bytes PUSH 00B4563A; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 00B451A3; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 00B4565B; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 00B43AEB; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 00B4DD1E; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 00B4DE51; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 00B4DCB1; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 00B4DE25; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 00B4D9F9; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 00B4DA37; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 00B4D9BB; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 00B4DA8C; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 00B4DD4C; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 00B4DDCB; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 00B4DB7E; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 00B4DAE1; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 00B4DC1B; RET
.text C:\WINDOWS\system32\wscntfy.exe[1976] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 00B4DC66; RET
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateThread 7C91D1AE 4 Bytes [68, 3E, E7, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!NtCreateThread + 5 7C91D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!LdrLoadDll + 1 7C92632E 3 Bytes JMP FD55640A
.text C:\WINDOWS\system32\svchost.exe[2400] ntdll.dll!LdrLoadDll + 5 7C926332 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00D7EB82; RET
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00D7EB41; RET
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 1 Byte [68]
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 6 Bytes PUSH 00D7EBFF; RET
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 6 Bytes CALL 3ADEE4D8
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00D7C373; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F5, C2, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00D7369D; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 34, C3, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00D7830C; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00D7835C; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00D7826D; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00D79042; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00D790DC; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, D0, 8C, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 20, 8D, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00D78DCA; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00D78334; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00D7912E; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00D78D3E; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!BeginPaint 7E378FE9 4 Bytes JMP C300D7C1
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 5A, C2, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00D7813F; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00D7810D; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00D78F74; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00D78387; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00D7C3B3; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00D78FBD; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00D78D84; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, C3, 81, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00D7821D; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 9A, C2, D7]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00D7908F; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00D7C446; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00D78E56; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes CALL 4138E1DA C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00D73813; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00D78E10; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00D78E9F; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00D78F2E; RET
.text C:\WINDOWS\system32\svchost.exe[2400] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00D78186; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!getaddrinfo 71A12A6F 6 Bytes PUSH 00D75213; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!closesocket 71A13E2B 6 Bytes PUSH 00D75602; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!send 71A14C27 6 Bytes PUSH 00D7563A; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!gethostbyname 71A15355 6 Bytes PUSH 00D751A3; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!WSASend 71A168FA 6 Bytes PUSH 00D7565B; RET
.text C:\WINDOWS\system32\svchost.exe[2400] CRYPT32.dll!PFXImportCertStore 77ABFF8F 6 Bytes PUSH 00D73AEB; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetReadFile 408C655B 6 Bytes PUSH 00D7DD1E; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpQueryInfoA 408C879D 6 Bytes PUSH 00D7DE51; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetCloseHandle 408C9098 6 Bytes PUSH 00D7DCB1; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetQueryDataAvailable 408CBF93 6 Bytes PUSH 00D7DE25; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpOpenRequestA 408CD518 6 Bytes PUSH 00D7D9F9; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpSendRequestW 408CFACE 6 Bytes PUSH 00D7DA37; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpOpenRequestW 408CFC0B 6 Bytes PUSH 00D7D9BB; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpSendRequestA 408DEEA1 6 Bytes PUSH 00D7DA8C; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetReadFileExA 408E3271 6 Bytes PUSH 00D7DD4C; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetSetFilePointer 40925A11 6 Bytes PUSH 00D7DDCB; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpSendRequestExA 4093A6DA 6 Bytes PUSH 00D7DB7E; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpSendRequestExW 4093A733 6 Bytes PUSH 00D7DAE1; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpEndRequestA 4093A7E2 6 Bytes PUSH 00D7DC1B; RET
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!HttpEndRequestW 4093A814 6 Bytes PUSH 00D7DC66; RET
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x6C 0xBC 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x77 0x39 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF4 0x6A 0x24 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x6C 0xBC 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x77 0x39 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF4 0x6A 0x24 0x4F ...
---- EOF - GMER 1.0.15 ----