PC virus removal, computer speed-up, remote help through the neslape.cz service

Please check the ComboFix log from my notebook

Do you have a virus problem? Post a log from FRST or RSIT here.

albinfrost
Visitor
Posts: 19
Registered: 07 Jan 2008 20:24
Location: Adamov


#1 Post by albinfrost »

Applications and games crash on me from time to time, most recently even the ntldr file, so I revived the notebook with everything I could until it started up again, but the crashing persists. Setup: HP 8284, 1.83 GHz Centrino Duo, 256 dedicated graphics, 4 GB of memory; when an application crashes, my RAM usage goes up to 3.6-3.8 GB.

ComboFix 09-04-01.01 - albinfrost 2009-04-02 17:18:02.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2589 [GMT 2:00]
Spuštěný z: d:\a_internet\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\e100bmsg.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-02 do 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-02 17:19 . 2009-04-02 17:19 53,248 --a------ c:\temp\catchme.dll
2009-04-02 17:18 . 2009-04-02 17:18 <DIR> d-------- c:\temp\WPDNSE
2009-04-02 15:44 . 2009-04-02 15:44 <DIR> d-------- c:\windows\Sun
2009-04-01 18:33 . 2008-12-21 18:04 26,154 --a------ c:\windows\system32\oemlogo.bmp
2009-04-01 18:30 . 2009-04-01 18:30 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-04-01 18:30 . 2009-04-01 18:30 <DIR> d-------- c:\program files\Extras
2009-04-01 18:30 . 2009-04-01 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2009-04-01 18:30 . 2006-03-01 05:21 1,263,616 --a------ c:\windows\system32\Aurora.scr
2009-04-01 18:30 . 2006-03-01 04:53 773,120 --a------ c:\windows\system32\Bubbles.scr
2009-04-01 18:30 . 2005-12-11 01:53 720,412 --a------ c:\windows\system32\MGB_Scrn.scr
2009-04-01 18:30 . 2006-03-29 08:50 671,744 --a------ c:\windows\system32\DolbyHph.dll
2009-04-01 18:30 . 2006-12-11 01:15 498,176 --a------ c:\windows\system32\vLogon.scr
2009-04-01 18:30 . 2006-03-01 05:21 117,248 --a------ c:\windows\system32\Ribbons.scr
2009-04-01 18:30 . 2006-03-03 14:42 117,248 --a------ c:\windows\system32\Mystify.scr
2009-04-01 18:30 . 2006-03-29 08:51 60,416 --a------ c:\windows\system32\DSETUP.dll
2009-04-01 18:30 . 2006-03-29 08:49 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2009-04-01 18:30 . 2006-05-05 19:21 4,608 --a------ c:\windows\system32\drivers\nvport.sys
2009-04-01 18:29 . 2009-04-01 18:29 <DIR> d-------- c:\program files\Java
2009-04-01 18:29 . 2009-04-01 18:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-01 18:29 . 2009-04-01 18:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-04-01 18:28 . 2009-04-01 18:28 <DIR> d-------- c:\windows\system32\XPSViewer
2009-04-01 18:28 . 2009-04-01 18:28 <DIR> d-------- c:\program files\Reference Assemblies
2009-04-01 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-04-01 18:23 . 2009-04-01 18:24 <DIR> d-------- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 15:18 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\DMCache
2009-04-02 14:56 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-02 14:51 --------- d-----w c:\program files\Spyware Doctor
2009-04-02 14:26 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\uTorrent
2009-04-01 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 15:16 --------- d-----w c:\program files\Common Files\Ahead
2009-04-01 15:16 --------- d-----w c:\program files\Common Files\Adobe
2009-04-01 15:16 --------- d-----w c:\program files\Broadcom
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\TechSmith
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Tools
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\nView_Profiles
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\NVIDIA
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\URSoft
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Thunderbird
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Talkback
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\PC Tools
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\InstallShield
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\IDM
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\ICQ
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\gtk-2.0
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\FastStone
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\ESET
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Convivea
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Ahead
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-04 04:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-13 22:43 491,520 ----a-w c:\windows\WebIE.dll
2009-01-13 22:43 45,056 ----a-w c:\windows\TRNOEH.DLL
2009-01-13 22:43 356,352 ----a-w c:\windows\TrnOutl.dll
2009-01-13 22:43 294,912 ----a-w c:\windows\TrnWord.dll
2009-01-13 22:43 26,624 ----a-w c:\windows\OETRN.EXE
2009-01-13 22:43 200,704 ----a-w c:\windows\TRNOET.DLL
2009-01-13 21:15 6,728,192 ----a-w c:\windows\system32\logonuiX.exe
.

------- Sigcheck -------

2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\windows\system32\svchost.exe
2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\windows\system32\dllcache\svchost.exe

2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\user32.dll
2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\dllcache\user32.dll

2008-04-14 08:52 82432 951d473917c51f21496d914cf6e5ddd1 c:\windows\system32\ws2_32.dll
2008-04-14 08:52 82432 951d473917c51f21496d914cf6e5ddd1 c:\windows\system32\dllcache\ws2_32.dll

2008-04-14 08:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 10:27 826368 0930f57122ff74739e3684d0016877f1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-10-16 22:33 826368 84801e4617b5afb065dd58438850587d c:\windows\ie7updates\KB961260-IE7\wininet.dll
2008-10-16 22:33 826368 84801e4617b5afb065dd58438850587d c:\windows\SoftwareDistribution\Download\2cf2d98cbc4be029ee9881f0a8b57a97\SP2GDR\wininet.dll
2008-10-16 21:49 827904 a72d6cc0f715d415003478294c4ecb2a c:\windows\SoftwareDistribution\Download\2cf2d98cbc4be029ee9881f0a8b57a97\SP2QFE\wininet.dll
2008-10-16 12:39 660480 20275ea77612128219308d1bfac3f7ab c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP2GDR\wininet.dll
2008-10-16 12:36 668672 dc068c9c851b3f601d91bfa93e053993 c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP2QFE\wininet.dll
2008-10-16 03:03 667136 8e7de90524f7dd5db33cc38ad9a1b0b4 c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP3GDR\wininet.dll
2008-10-16 03:06 668160 370940e124256d20de4ca7e51377335c c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP3QFE\wininet.dll
2008-08-26 10:27 826368 0930f57122ff74739e3684d0016877f1 c:\windows\SoftwareDistribution\Download\b036fb87dc9cfdb88c64df1ddd121b4f\SP2GDR\wininet.dll
2008-08-26 11:12 827904 a74381b8d7024b2d8bb5691a93f825b8 c:\windows\SoftwareDistribution\Download\b036fb87dc9cfdb88c64df1ddd121b4f\SP2QFE\wininet.dll
2008-12-21 01:03 826368 793da751c812efc3c6786bbd3b8489a8 c:\windows\system32\wininet.dll
2008-12-21 01:03 826368 793da751c812efc3c6786bbd3b8489a8 c:\windows\system32\dllcache\wininet.dll

2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys

2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\system32\winlogon.exe
2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\system32\dllcache\winlogon.exe

2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-14 00:23 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys
2008-04-14 00:23 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 15:26 2025984 6045c7424106cca4c9970c7230bd6253 c:\windows\system32\ntkrnlpa.exe
2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\windows\system32\dllcache\ntkrnlpa.exe

2008-08-14 15:26 2191360 91f18ab1e9acbf6e27a5545a8f57c89b c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 15:26 2147328 ffeb7726951f6d2859df12fbc51f0188 c:\windows\system32\ntoskrnl.exe
2008-08-14 15:26 2191360 91f18ab1e9acbf6e27a5545a8f57c89b c:\windows\system32\dllcache\ntoskrnl.exe

2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\explorer.exe
2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\system32\dllcache\explorer.exe

2008-04-14 08:52 108544 f0d2ae69035092bf22dad6b50fab85c2 c:\windows\system32\services.exe
2008-04-14 08:52 108544 f0d2ae69035092bf22dad6b50fab85c2 c:\windows\system32\dllcache\services.exe

2008-04-14 08:52 13312 ed0a176354487ceed65b80a7148ab739 c:\windows\system32\lsass.exe
2008-04-14 08:52 13312 ed0a176354487ceed65b80a7148ab739 c:\windows\system32\dllcache\lsass.exe

2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\system32\ctfmon.exe
2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 08:52 57856 cb1090bca0e7b40d0b5b4e4d66531809 c:\windows\system32\spoolsv.exe
2008-04-14 08:52 57856 cb1090bca0e7b40d0b5b4e4d66531809 c:\windows\system32\dllcache\spoolsv.exe

2008-04-14 08:52 26112 7dc1830f22e7d275b438127b68030239 c:\windows\system32\userinit.exe
2008-04-14 08:52 26112 7dc1830f22e7d275b438127b68030239 c:\windows\system32\dllcache\userinit.exe

2008-04-14 08:52 295936 a75dd6fc3dbee4fff5ebc9f2c28bb66e c:\windows\system32\termsrv.dll
2008-04-14 08:52 295936 a75dd6fc3dbee4fff5ebc9f2c28bb66e c:\windows\system32\dllcache\termsrv.dll

2008-04-14 08:51 988160 fd91cd95a1c663df54dd371cc8a234de c:\windows\system32\kernel32.dll
2008-04-14 08:51 988160 fd91cd95a1c663df54dd371cc8a234de c:\windows\system32\dllcache\kernel32.dll

2008-04-14 08:51 17408 9fa69781caa7a1da981a24f240a61a60 c:\windows\system32\powrprof.dll
2008-04-14 08:51 17408 9fa69781caa7a1da981a24f240a61a60 c:\windows\system32\dllcache\powrprof.dll

2008-04-14 08:51 110080 6c60ca8ac7470ac01cfd3d24c7283cd1 c:\windows\system32\imm32.dll
2008-04-14 08:51 110080 6c60ca8ac7470ac01cfd3d24c7283cd1 c:\windows\system32\dllcache\imm32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-01-14 26624]
"uTorrent"="i:\utorrent\utorrent.exe" [2009-03-04 281392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\a_programy\Internet\Internet Download Manager\IDMan.exe" [2008-07-15 931248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-04-01 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-04-01 160792]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-01 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-04-01 69120]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2009-04-01 117376]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-01 356920]
S3 UDTTAFAT;DVB-T USB Stick;c:\windows\system32\drivers\UDTTAFAT.sys [2009-04-01 147968]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ASLIAHMU
*Deregistered* - asliahmu
*Deregistered* - mchInjDrv
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-CTFMON - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\a_prog~1\Windows\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout s IDM - c:\a_programy\Internet\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\a_programy\Internet\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\a_programy\Internet\Internet Download Manager\IEGetAll.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\albinfrost\Data aplikací\Mozilla\Firefox\Profiles\7jtxc9ng.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - plugin: c:\a_programy\Internet\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\a_programy\Internet\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 17:19:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,59,fc,18,6d,5b,10,e5,20,bc,0b,ef,7a,5c,9e,59,8f,24,ab,46,c9,
ca,a9,85,48,f4,63,e4,7a,b7,56,dd,28,ff,36,af,b6,95,49,d0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e3609ddc-2c35-4ab5-93bf-6c3e6bd8efae}]
@Denied: (Full) (Everyone)
"Model"=dword:00000052
"Therad"=dword:0000000f
.
Celkový čas: 2009-04-02 17:20:38
ComboFix-quarantined-files.txt 2009-04-02 15:20:36

Před spuštěním: Volných bajtů: 20 715 409 408
Po spuštění: Volných bajtů: 20,701,188,096

244 --- E O F --- 2009-03-14 01:38:26

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

#2 Post by riffman »

Hello,

all the files in the section

------- Sigcheck -------

test them on VIRUSTOTAL

(simple guide: once the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all


#3 Post by albinfrost »

Is this enough, or do you want the whole listing?
The only infected file:
------- Sigcheck -------

2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\user32.dll McAfee-GW-Edition - - Win32.LooksLike.NewMalware
2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\dllcache\user32.dll McAfee-GW-Edition - - Win32.LooksLike.NewMalware


#4 Post by riffman »

I'm more interested in how many antiviruses flagged it (they state that there) and what kind of malware predominates :)


#5 Post by albinfrost »

albinfrost wrote: Is this enough, or do you want the whole listing?
The only infected file:
------- Sigcheck -------

2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\user32.dll McAfee-GW-Edition - - Win32.LooksLike.NewMalware
2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\dllcache\user32.dll McAfee-GW-Edition - - Win32.LooksLike.NewMalware

MD5: e16e0990967374e76f3e40cacafd3d53
Poprvé zaslán: 2008.12.18 20:38:35 (CET)
Datum: 2009.04.01 15:19:18 (CET) [+1D]
Výsledky: 1/40
Stálý odkaz: analisis/e94bac7e9e89248893a56e507fddf178

McAfee-GW-Edition - - Win32.LooksLike.NewMalware


And one more that I tested while playing around:
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
MD5: 8a5657af7b9944d1aca509fb1ef2a12a
Poprvé zaslán: 2008.08.06 13:58:15 (CET)
Datum: 2009.02.28 16:04:24 (CET) [>33D]
Výsledky: 1/39
Stálý odkaz: analisis/45bb1f1afafffebbee01ac1ed90c11b5

VBA32 3.12.10.1 2009.02.26 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)

Otherwise everything was negative across 36 to 40 antiviruses.


#6 Post by riffman »

So that's that...

Download GMER, unpack it and run it.

A scan will run, and when it finishes the results will pop up at you.

Then click Save to save the log, and paste its contents here.

Then do the second scan following this guide and again paste the log contents here :)


#7 Post by albinfrost »

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-02 22:33:32
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-02 22:35:09
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


#8 Post by riffman »

Now the second one too :)


#9 Post by albinfrost »

That will take a while; in set an dok I have about 10 G of stuff, which isn't much given the capacity of 2 x 300 G hard disks, but partition C only has 60 G.


#10 Post by albinfrost »

The GMER 2 log has 140 000 characters; do you want it here whole or just some part of it?


#11 Post by albinfrost »

I hope I haven't done something wrong :shock:
Part 1 of the log

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-03 00:34:11
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB30737A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB3070794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB3070F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xB30741F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xB307442A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xB307512A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xB307483C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB306FD0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB306F384]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[164] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03940001
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[228] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C80001
.text C:\WINDOWS\system32\spoolsv.exe[376] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[376] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A50001
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[432] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013A0001
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[536] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A10001
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[616] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\taskmgr.exe[652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\taskmgr.exe[652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\system32\taskmgr.exe[652] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\taskmgr.exe[652] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\WINDOWS\Explorer.EXE[692] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\Explorer.EXE[692] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[716] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044A809 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[760] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\system32\nvsvc32.exe[760] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\nvsvc32.exe[760] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\A_PROGRAMY\Manazer\Comač\Comač.EXE[1068] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1072] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
Last edited by albinfrost on 03 Apr 2009 00:07, edited 1 time in total.

albinfrost
Visitor
Posts: 19
Registered: 07 Jan 2008 20:24
Location: Adamov

Re: Please check the ComboFix log from my notebook

#12 Post by albinfrost »

Part 2 of the log



albinfrost
Visitor
Posts: 19
Registered: 07 Jan 2008 20:24
Location: Adamov

Re: Please check the ComboFix log of my notebook

#13 Post by albinfrost »

Part 3 of the log


.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text I:\uTorrent\utorrent.exe[1848] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text I:\uTorrent\utorrent.exe[1848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A20001
.text I:\uTorrent\utorrent.exe[1848] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text I:\uTorrent\utorrent.exe[1848] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1864] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001
.text C:\WINDOWS\system32\ctfmon.exe[1864] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ctfmon.exe[1864] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01AB0001
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IDMan.exe[1872] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[2824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\WINDOWS\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2908] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\alg.exe[2908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00750001
.text C:\WINDOWS\System32\alg.exe[2908] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[2908] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\albinfrost\Plocha\gmer.exe[3376] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01340001
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A
.text C:\A_PROGRAMY\Internet\Internet Download Manager\IEMonitor.exe[3532] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03C50001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044A81D C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00790001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3820] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\prodrv06 \Device\ProDrv06 E1935420
Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E16D5568

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x1B 0x59 0xFC 0x18 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{e3609ddc-2c35-4ab5-93bf-6c3e6bd8efae}@Model 82
Reg HKLM\SOFTWARE\Classes\CLSID\{e3609ddc-2c35-4ab5-93bf-6c3e6bd8efae}@Therad 15

---- EOF - GMER 1.0.15 ----

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: Please check the ComboFix log of my notebook

#14 Post by riffman »

You did it perfectly, but the logs are OK :(

Post me a current ComboFix log here, I'll compare it with GMER :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

albinfrost
Visitor
Posts: 19
Registered: 07 Jan 2008 20:24
Location: Adamov

Re: Please check the ComboFix log of my notebook

#15 Post by albinfrost »

Today I borrowed a full version of the Dr. Web antivirus and let it scan the hard disk partitions (there are 6 of them) thoroughly, sector by sector. It found 45 different pieces of junk, which I deleted through that antivirus; whatever could not be deleted I removed for good with Revo Uninstaller. To be safe I cloned the system partition onto a flash drive. Today I worked on the notebook all day and it crashed only once, and that was because of an overheated graphics card. Hopefully it will be fine now. I would need some advice: I do fairly demanding work, I have the paging file set from 20 GB to 35 GB; how should I set processor scheduling and memory usage? Right now I have "programs" and "programs". Shouldn't the memory one be set to system cache, by the way? That is just a side note. And here is the log.


ComboFix 09-04-01.01 - albinfrost 2009-04-03 20:04:25.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2645 [GMT 2:00]
Spuštěný z: d:\a_internet\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-03 20:06 . 2009-04-03 20:06 53,248 --a------ c:\temp\catchme.dll
2009-04-03 20:04 . 2009-04-03 20:04 <DIR> d-------- c:\temp\WPDNSE
2009-04-02 15:44 . 2009-04-02 15:44 <DIR> d-------- c:\windows\Sun
2009-04-01 18:33 . 2008-12-21 18:04 26,154 --a------ c:\windows\system32\oemlogo.bmp
2009-04-01 18:30 . 2006-03-01 05:21 1,263,616 --a------ c:\windows\system32\Aurora.scr
2009-04-01 18:30 . 2006-03-01 04:53 773,120 --a------ c:\windows\system32\Bubbles.scr
2009-04-01 18:30 . 2005-12-11 01:53 720,412 --a------ c:\windows\system32\MGB_Scrn.scr
2009-04-01 18:30 . 2006-03-29 08:50 671,744 --a------ c:\windows\system32\DolbyHph.dll
2009-04-01 18:30 . 2006-12-11 01:15 498,176 --a------ c:\windows\system32\vLogon.scr
2009-04-01 18:30 . 2006-03-01 05:21 117,248 --a------ c:\windows\system32\Ribbons.scr
2009-04-01 18:30 . 2006-03-03 14:42 117,248 --a------ c:\windows\system32\Mystify.scr
2009-04-01 18:30 . 2006-03-29 08:51 60,416 --a------ c:\windows\system32\DSETUP.dll
2009-04-01 18:30 . 2006-03-29 08:49 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2009-04-01 18:30 . 2006-05-05 19:21 4,608 --a------ c:\windows\system32\drivers\nvport.sys
2009-04-01 18:29 . 2009-04-01 18:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-01 18:29 . 2009-04-01 18:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-04-01 18:28 . 2009-04-01 18:28 <DIR> d-------- c:\windows\system32\XPSViewer
2009-04-01 18:28 . 2009-04-01 18:28 <DIR> d-------- c:\program files\Reference Assemblies
2009-04-01 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-04-01 18:23 . 2009-04-01 18:24 <DIR> d-------- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 18:04 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\DMCache
2009-04-03 15:07 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\uTorrent
2009-04-03 12:08 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-03 12:08 --------- d-----w c:\program files\Spyware Doctor
2009-04-02 18:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 15:16 --------- d-----w c:\program files\Common Files\Ahead
2009-04-01 15:16 --------- d-----w c:\program files\Common Files\Adobe
2009-04-01 15:16 --------- d-----w c:\program files\Broadcom
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\TechSmith
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Tools
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\nView_Profiles
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\NVIDIA
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-04-01 15:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ahead
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\URSoft
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Thunderbird
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Talkback
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\PC Tools
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\InstallShield
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\IDM
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\ICQ
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\gtk-2.0
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\FastStone
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\ESET
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Convivea
2009-04-01 15:10 --------- d-----w c:\documents and settings\albinfrost\Data aplikací\Ahead
2009-03-10 20:18 969,608 ----a-w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 265,096 ----a-w c:\windows\system32\dllcache\wgaLogon.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-04 04:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-13 22:43 491,520 ----a-w c:\windows\WebIE.dll
2009-01-13 22:43 45,056 ----a-w c:\windows\TRNOEH.DLL
2009-01-13 22:43 356,352 ----a-w c:\windows\TrnOutl.dll
2009-01-13 22:43 294,912 ----a-w c:\windows\TrnWord.dll
2009-01-13 22:43 26,624 ----a-w c:\windows\OETRN.EXE
2009-01-13 22:43 200,704 ----a-w c:\windows\TRNOET.DLL
2009-01-13 21:15 6,728,192 ----a-w c:\windows\system32\logonuiX.exe
.

------- Sigcheck -------

2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\windows\system32\svchost.exe
2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\windows\system32\dllcache\svchost.exe

2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\user32.dll
2008-04-14 08:52 578560 e16e0990967374e76f3e40cacafd3d53 c:\windows\system32\dllcache\user32.dll

2008-04-14 08:52 82432 951d473917c51f21496d914cf6e5ddd1 c:\windows\system32\ws2_32.dll
2008-04-14 08:52 82432 951d473917c51f21496d914cf6e5ddd1 c:\windows\system32\dllcache\ws2_32.dll

2008-04-14 08:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 10:27 826368 0930f57122ff74739e3684d0016877f1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-10-16 22:33 826368 84801e4617b5afb065dd58438850587d c:\windows\ie7updates\KB961260-IE7\wininet.dll
2008-10-16 22:33 826368 84801e4617b5afb065dd58438850587d c:\windows\SoftwareDistribution\Download\2cf2d98cbc4be029ee9881f0a8b57a97\SP2GDR\wininet.dll
2008-10-16 21:49 827904 a72d6cc0f715d415003478294c4ecb2a c:\windows\SoftwareDistribution\Download\2cf2d98cbc4be029ee9881f0a8b57a97\SP2QFE\wininet.dll
2008-10-16 12:39 660480 20275ea77612128219308d1bfac3f7ab c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP2GDR\wininet.dll
2008-10-16 12:36 668672 dc068c9c851b3f601d91bfa93e053993 c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP2QFE\wininet.dll
2008-10-16 03:03 667136 8e7de90524f7dd5db33cc38ad9a1b0b4 c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP3GDR\wininet.dll
2008-10-16 03:06 668160 370940e124256d20de4ca7e51377335c c:\windows\SoftwareDistribution\Download\83f190f9e0a95cb6bf971f6d27f9deef\SP3QFE\wininet.dll
2008-08-26 10:27 826368 0930f57122ff74739e3684d0016877f1 c:\windows\SoftwareDistribution\Download\b036fb87dc9cfdb88c64df1ddd121b4f\SP2GDR\wininet.dll
2008-08-26 11:12 827904 a74381b8d7024b2d8bb5691a93f825b8 c:\windows\SoftwareDistribution\Download\b036fb87dc9cfdb88c64df1ddd121b4f\SP2QFE\wininet.dll
2008-12-21 01:03 826368 793da751c812efc3c6786bbd3b8489a8 c:\windows\system32\wininet.dll
2008-12-21 01:03 826368 793da751c812efc3c6786bbd3b8489a8 c:\windows\system32\dllcache\wininet.dll

2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys

2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\system32\winlogon.exe
2008-04-14 08:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\system32\dllcache\winlogon.exe

2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2008-04-14 00:50 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-14 00:23 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys
2008-04-14 00:23 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 15:26 2025984 6045c7424106cca4c9970c7230bd6253 c:\windows\system32\ntkrnlpa.exe
2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\windows\system32\dllcache\ntkrnlpa.exe

2008-08-14 15:26 2191360 91f18ab1e9acbf6e27a5545a8f57c89b c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 15:26 2147328 ffeb7726951f6d2859df12fbc51f0188 c:\windows\system32\ntoskrnl.exe
2008-08-14 15:26 2191360 91f18ab1e9acbf6e27a5545a8f57c89b c:\windows\system32\dllcache\ntoskrnl.exe

2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\explorer.exe
2008-04-14 08:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\system32\dllcache\explorer.exe

2008-04-14 08:52 108544 f0d2ae69035092bf22dad6b50fab85c2 c:\windows\system32\services.exe
2008-04-14 08:52 108544 f0d2ae69035092bf22dad6b50fab85c2 c:\windows\system32\dllcache\services.exe

2008-04-14 08:52 13312 ed0a176354487ceed65b80a7148ab739 c:\windows\system32\lsass.exe
2008-04-14 08:52 13312 ed0a176354487ceed65b80a7148ab739 c:\windows\system32\dllcache\lsass.exe

2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\system32\ctfmon.exe
2008-04-14 08:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 08:52 57856 cb1090bca0e7b40d0b5b4e4d66531809 c:\windows\system32\spoolsv.exe
2008-04-14 08:52 57856 cb1090bca0e7b40d0b5b4e4d66531809 c:\windows\system32\dllcache\spoolsv.exe

2008-04-14 08:52 26112 7dc1830f22e7d275b438127b68030239 c:\windows\system32\userinit.exe
2008-04-14 08:52 26112 7dc1830f22e7d275b438127b68030239 c:\windows\system32\dllcache\userinit.exe

2008-04-14 08:52 295936 a75dd6fc3dbee4fff5ebc9f2c28bb66e c:\windows\system32\termsrv.dll
2008-04-14 08:52 295936 a75dd6fc3dbee4fff5ebc9f2c28bb66e c:\windows\system32\dllcache\termsrv.dll

2008-04-14 08:51 988160 fd91cd95a1c663df54dd371cc8a234de c:\windows\system32\kernel32.dll
2008-04-14 08:51 988160 fd91cd95a1c663df54dd371cc8a234de c:\windows\system32\dllcache\kernel32.dll

2008-04-14 08:51 17408 9fa69781caa7a1da981a24f240a61a60 c:\windows\system32\powrprof.dll
2008-04-14 08:51 17408 9fa69781caa7a1da981a24f240a61a60 c:\windows\system32\dllcache\powrprof.dll

2008-04-14 08:51 110080 6c60ca8ac7470ac01cfd3d24c7283cd1 c:\windows\system32\imm32.dll
2008-04-14 08:51 110080 6c60ca8ac7470ac01cfd3d24c7283cd1 c:\windows\system32\dllcache\imm32.dll
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-01-14 26624]
"uTorrent"="i:\utorrent\utorrent.exe" [2009-03-04 281392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\a_programy\Internet\Internet Download Manager\IDMan.exe" [2008-07-15 931248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-04-01 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-04-01 160792]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-01 468224]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2009-04-01 69120]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2009-04-01 117376]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-01 356920]
S3 UDTTAFAT;DVB-T USB Stick;c:\windows\system32\drivers\UDTTAFAT.sys [2009-04-01 147968]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\a_prog~1\Windows\MICROS~1\Office12\EXCEL.EXE/3000
IE: Convert Link Target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert Link Target to Existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert Selected Links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert Selected Links to Existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert Selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert Selection to Existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to Existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with IDM - c:\a_programy\Internet\Internet Download Manager\IEExt.htm
IE: Download FLV video content with IDM - c:\a_programy\Internet\Internet Download Manager\IEGetVL.htm
IE: Download all links with IDM - c:\a_programy\Internet\Internet Download Manager\IEGetAll.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\albinfrost\Data aplikací\Mozilla\Firefox\Profiles\7jtxc9ng.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - plugin: c:\a_programy\Internet\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX SETTINGS ----
c:\a_programy\Internet\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 20:06:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,59,fc,18,6d,5b,10,e5,20,bc,0b,ef,7a,5c,9e,59,8f,24,ab,46,c9,
ca,a9,85,48,f4,63,e4,7a,b7,56,dd,28,ff,36,af,b6,95,49,d0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e3609ddc-2c35-4ab5-93bf-6c3e6bd8efae}]
@Denied: (Full) (Everyone)
"Model"=dword:00000052
"Therad"=dword:0000000f
.
Completion time: 2009-04-03 20:07:26
ComboFix-quarantined-files.txt 2009-04-03 18:07:24
ComboFix2.txt 2009-04-02 15:20:39

Pre-Run: 21,393,477,632 bytes free
Post-Run: 21,342,597,120 bytes free

229 --- E O F --- 2009-04-02 16:48:44

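The Sigcheck block in the log above lists, for each critical Windows file, every copy ComboFix found (date, time, size, MD5, path). The check a reviewer does by hand is to compare the live copy in system32 or system32\drivers against the protected copy in system32\dllcache: in this log tcpip.sys has the same size in both places but a different MD5, which means the driver Windows loads is not the one Windows File Protection holds and deserves a closer look, while the kernel images differ in size as well, which usually points to a different build rather than a modified file. The script below is an added example written for this page, not part of the original post or of ComboFix; it parses Sigcheck-style lines and reports those mismatches. Its sample input is constructed from lines taken from the log above, and the directory constants assume a default c:\windows installation.

```python
"""Cross-check the Sigcheck section of a ComboFix log.

ComboFix's "Sigcheck" block lists, for a set of critical Windows files,
one line per copy it found: date, time, size, MD5, path.  On Windows XP
the copy in system32 (or system32\\drivers) should normally match the
protected copy in system32\\dllcache.  A live copy whose MD5 differs from
the cache copy while the size is identical is the case worth a closer
look: the file on disk is not the one Windows File Protection holds.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of Sigcheck lines in the same shape as the
# log above (the tcpip.sys pair is the mismatch the log actually shows;
# the other hashes and paths are copied from the log as well).
SAMPLE = """
2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\\windows\\system32\\svchost.exe
2008-04-14 08:52 14336 be4a520e29b6391f49e79ccc52044d93 c:\\windows\\system32\\dllcache\\svchost.exe

2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\\windows\\system32\\dllcache\\tcpip.sys
2008-06-20 13:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\\windows\\system32\\drivers\\tcpip.sys

2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\\windows\\Driver Cache\\i386\\ntkrnlpa.exe
2008-08-14 15:26 2025984 6045c7424106cca4c9970c7230bd6253 c:\\windows\\system32\\ntkrnlpa.exe
2008-08-14 15:26 2068224 09cd607918c3f5600d8a111155f62ca6 c:\\windows\\system32\\dllcache\\ntkrnlpa.exe
"""

# One Sigcheck line: date, time, size, 32-hex MD5, then the path (may contain spaces).
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)

# Assumed default install location; adjust if %SystemRoot% differs.
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")
CACHE_DIR = "c:\\windows\\system32\\dllcache\\"


def parse_sigcheck(text):
    """Return a list of (size, md5, path) tuples for every Sigcheck line."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append((int(m["size"]), m["md5"].lower(), m["path"].lower()))
    return entries


def _dirname(path):
    return path[: path.rfind("\\") + 1]


def _basename(path):
    return path[path.rfind("\\") + 1:]


def find_mismatches(entries):
    """Compare each live copy against the dllcache copy of the same file.

    Returns a dict  basename -> {"live", "live_md5", "cache_md5", "size_equal"}
    for every file whose live MD5 differs from the dllcache MD5.  Files with
    no dllcache copy are skipped, and copies under Driver Cache or
    SoftwareDistribution are ignored: they are package payloads, not the
    file Windows actually loads.
    """
    cache = {}
    live = defaultdict(list)
    for size, md5, path in entries:
        d = _dirname(path)
        if d == CACHE_DIR:
            cache[_basename(path)] = (size, md5)
        elif d in LIVE_DIRS:
            live[_basename(path)].append((size, md5, path))

    report = {}
    for name, copies in live.items():
        if name not in cache:
            continue
        csize, cmd5 = cache[name]
        for size, md5, path in copies:
            if md5 != cmd5:
                report[name] = {
                    "live": path,
                    "live_md5": md5,
                    "cache_md5": cmd5,
                    "size_equal": size == csize,
                }
    return report


def suspicious(report):
    """Names whose live copy has the cache copy's size but a different hash."""
    return sorted(n for n, r in report.items() if r["size_equal"])


if __name__ == "__main__":
    rep = find_mismatches(parse_sigcheck(SAMPLE))
    for name, r in sorted(rep.items()):
        flag = "SAME SIZE, DIFFERENT MD5" if r["size_equal"] else "different size"
        print(f"{name}: {r['live']} {r['live_md5']} != dllcache {r['cache_md5']} ({flag})")
```

Run against the full Sigcheck block of a log instead of SAMPLE to get the same report for every file listed. A name returned by suspicious() is not proof of infection on its own; the next step is to take the file's hash and verify it against a known-good copy of the same Windows build and service pack before deciding whether it was patched, replaced or simply updated out of step with the cache.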