PC disinfection, computer speed-up, remote help via the neslape.cz service

Stuttering, slowdown - Malwarebytes log

Have a virus problem? Post your FRST or RSIT log here.

Forum rules
If you want help, post an FRST log [guide here] or an RSIT log [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote-help service, where an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Stuttering, slowdown - Malwarebytes log

#1 Post by otulka

Because I have the problems named in the subject, I ran a scan with Malwarebytes.
It showed me this:
[image]
I'm also posting the log ... what should I do with it?
Thanks

Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verze databáze: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.9.2010 11:57:07
protokol malwar

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 231691
Uplynulý čas: 27 minuta(y), 55 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 4
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\5.bin (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
C:\Program Files\FunWebProducts\Installr\4.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\4.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\4.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> No action taken.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Stuttering, slowdown - Malwarebytes log

#2 Post by earl

Hello,

have MBAM delete what it found.

Then post a new log from it.

:arrow: Download OTL

run it, tick "All users", change 30 days to 7, click Scan,

when the scan finishes, post the contents of the OTL.txt log here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebytes log

#3 Post by otulka

Here is the RSIT log as well:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Fanda at 2010-09-11 13:31:26
Microsoft Windows 7 Ultimate
System drive C: has 360 GB (83%) free of 435 GB
Total RAM: 3327 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:31:33, on 11.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
C:\Windows\vsnpstd3.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp325.exe
C:\Windows\vsnp325.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Fanda\AppData\Local\Seznam.cz\postak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\365dni\365dniNET.exe
C:\Program Files\proces_killer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Fanda\Documents\My DAP Downloads\Software Downloads\RSIT.exe
C:\Program Files\trend micro\Fanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Users\Fanda\AppData\Local\Seznam.cz\core.2.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SA69F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Fanda\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dni\365dniNET.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)" -"http://www.afrodita.name/hraj_hra.php?hra=135-alias"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: proces_killer – zástupce.lnk = C:\Program Files\proces_killer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11901 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Windows\WebIE.dll [2009-12-10 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2008-09-11 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-06-17 848376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Users\Fanda\AppData\Local\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-12-09 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Windows\WebIE.dll [2009-12-10 491520]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2008-09-11 321120]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-06-17 848376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-06-05 1417216]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
""= []
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"snpstd3"=C:\Windows\vsnpstd3.exe [2005-09-05 339968]
"FixCamera"=C:\Windows\FixCamera.exe [2007-02-12 20480]
"tsnp325"=C:\Windows\tsnp325.exe [2006-10-10 270336]
"snp325"=C:\Windows\vsnp325.exe [2006-10-10 827392]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-12-09 2799104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"EPSON Stylus DX8400 Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [2007-04-12 182272]
"Seznam Postak"=C:\Users\Fanda\AppData\Local\Seznam.cz\postak.exe [2010-03-01 451224]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
"365dni"=C:\Program Files\365dni\365dniNET.exe [2010-05-13 858624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-09-11 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe [2008-09-11 46200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSMenu]
C:\Program Files\CSMenu\CSMenu.exe [2009-12-03 316224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2009-01-08 1331024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Fanda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
C:\PROGRA~1\vghd\vghd.exe [2010-04-04 480592]

C:\Users\Fanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
proces_killer – zástupce.lnk - C:\Program Files\proces_killer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=1
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0x03000000
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\PROGRAM FILES\PROCES EXPLORER\PROCEXP.EXE"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-11 12:13:42 ----D---- C:\rsit
2010-09-10 12:49:46 ----D---- C:\Users\Fanda\AppData\Roaming\365dni
2010-09-10 12:49:33 ----D---- C:\Program Files\365dni
2010-08-25 16:38:57 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-12 07:42:53 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 07:42:52 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 07:42:51 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 07:42:51 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-12 07:42:51 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 07:42:51 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 07:42:44 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-12 07:42:44 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 07:42:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 07:42:41 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 07:42:36 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 07:42:34 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 07:42:33 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 07:42:33 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 07:42:33 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 07:42:33 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 07:42:33 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 07:42:32 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 07:42:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 07:42:32 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 07:42:32 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 07:42:12 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 07:42:12 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 months======

2010-09-11 13:31:32 ----D---- C:\Program Files\Trend Micro
2010-09-11 13:31:19 ----D---- C:\Windows\Temp
2010-09-11 13:24:33 ----A---- C:\Windows\TRNCOM.INI
2010-09-11 13:24:19 ----AD---- C:\Windows
2010-09-11 13:24:19 ----A---- C:\Windows\MAILTRAN.INI
2010-09-11 13:02:11 ----D---- C:\Users\Fanda\AppData\Roaming\Skype
2010-09-11 12:13:53 ----D---- C:\Windows\Prefetch
2010-09-11 08:15:43 ----D---- C:\Windows\system32\config
2010-09-11 08:02:16 ----D---- C:\Users\Fanda\AppData\Roaming\skypePM
2010-09-11 08:02:08 ----AD---- C:\ProgramData\TEMP
2010-09-10 12:49:33 ----D---- C:\Program Files
2010-09-10 07:27:48 ----A---- C:\Windows\Ff.INI
2010-09-05 09:33:30 ----SHD---- C:\System Volume Information
2010-09-03 19:55:28 ----D---- C:\Windows\system32\catroot2
2010-09-02 16:56:51 ----D---- C:\Windows\System32
2010-09-02 16:54:21 ----D---- C:\Windows\system32\NDF
2010-08-29 07:51:32 ----SHD---- C:\Windows\Installer
2010-08-25 16:45:28 ----D---- C:\Windows\winsxs
2010-08-25 16:39:40 ----D---- C:\Windows\AppPatch
2010-08-25 16:38:54 ----D---- C:\Windows\system32\catroot
2010-08-22 08:54:42 ----D---- C:\Windows\inf
2010-08-20 18:10:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-12 19:28:39 ----D---- C:\Windows\debug
2010-08-12 09:40:24 ----D---- C:\Windows\Microsoft.NET
2010-08-12 09:40:09 ----RSD---- C:\Windows\assembly
2010-08-12 08:03:15 ----D---- C:\Windows\system32\drivers
2010-08-12 08:03:14 ----D---- C:\Program Files\Internet Explorer
2010-08-12 08:03:13 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2009-05-12 154664]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-01-07 158272]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-06 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-01-07 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-01-07 581984]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-02-02 281760]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-02-02 25888]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-12-09 44384]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-01-07 160288]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-08-23 103952]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-03-30 20824]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-01-19 47360]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]
R3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-06-02 1056256]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 RSUSBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys [2009-08-10 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-08-19 173056]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-07 2480048]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-30 303952]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-10 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-06 435016]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Residence: Brno

Re: Stuttering, slowdown - Malwarebit log

#4 Post by earl »

OK, now just the GMER will be enough.

Do you have these files on the PC intentionally?

C:\Program Files\proces_killer.exe

C:\Program Files\vghd\vghd.exe
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UPDATED ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebit log

#5 Post by otulka »

Yes, I have them there intentionally, but I don't need them any more and I'll uninstall them (I have proceskiller for when some process freezes, so I can kill it from the tray; the other one is the VirtualGirls screensaver - I'll uninstall it).
I'm going to try GMER - a war machine against rootkits :)

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebit log

#6 Post by otulka »

GMER scan here - http://leteckaposta.cz/121918663
It wouldn't let me paste it directly here because it has more than 6000 characters.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Residence: Brno

Re: Stuttering, slowdown - Malwarebit log

#7 Post by earl »

Split the log into several parts and post it here in several posts.

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebit log

#8 Post by otulka »

OK, that didn't occur to me :oops:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 08:46:35
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Fanda\AppData\Local\Temp\uglcypob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E082D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E07898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E201A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E7F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spsb.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E28000, 0x2CB104, 0xE8000020]
.text USBPORT.SYS!DllUnload 91BBACA0 5 Bytes JMP 86E301D8
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x823A2300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x82226300, 0x1BEE, 0xE8000020]
.text peauth.sys A1020C9D 28 Bytes [04, 1E, B6, 65, C1, 97, 8B, ...]
.text peauth.sys A1020CC1 28 Bytes [04, 1E, B6, 65, C1, 97, 8B, ...]
PAGE peauth.sys A102702C 102 Bytes [90, 52, 7C, A1, 43, DB, 4A, ...]
.text KernelBase.dll!CreateNamedPipeW + 1E 75580A00 9 Bytes [00, 00, 3B, C8, 0F, 87, 61, ...]
.text KernelBase.dll!CreateNamedPipeW + 28 75580A0A 4 Bytes [0F, 85, 49, 5C]
.text KernelBase.dll!CreateNamedPipeW + 2E 75580A10 28 Bytes [83, 4D, F8, FF, 53, 8D, 45, ...]
.text KernelBase.dll!CreateNamedPipeW + F9 75580ADB 12 Bytes [C0, 8B, CE, 81, E1, 00, 00, ...]
.text KernelBase.dll!CreateNamedPipeW + 106 75580AE8 19 Bytes [10, 00, 0B, D1, 0F, B6, C8, ...]
.text ...
.text KernelBase.dll!ObjectCloseAuditAlarmW + 17 75580BBA 19 Bytes [8D, 45, F8, FF, 75, 0C, 50, ...]
.text KernelBase.dll!ObjectCloseAuditAlarmW + 2C 75580BCF 6 Bytes [33, C0, 40, C9, C2, 0C]
.text KernelBase.dll!ObjectCloseAuditAlarmW + 33 75580BD6 100 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!ObjectOpenAuditAlarmW + 61 75580C3C 6 Bytes [33, C0, 40, C9, C2, 30]
.text KernelBase.dll!ObjectOpenAuditAlarmW + 68 75580C43 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!GetLogicalDrives + 22 75580C6A 3 Bytes [83, 7D, DC]
.text KernelBase.dll!GetLogicalDrives + 26 75580C6E 4 Bytes [0F, 84, 7B, 91]
.text KernelBase.dll!GetLogicalDrives + 2C 75580C74 126 Bytes [8B, 45, DC, C9, C3, 90, 90, ...]
.text KernelBase.dll!GetLogicalDriveStringsW + 75 75580CF3 26 Bytes [0F, 85, 9D, 7E, FF, FF, 8B, ...]
.text KernelBase.dll!GetLogicalDriveStringsW + 90 75580D0E 3 Bytes [90, 90, 41] {NOP ; NOP ; INC ECX}
.text KernelBase.dll!GetLogicalDriveStringsW + 94 75580D12 1 Byte [3A]
.text KernelBase.dll!GetLogicalDriveStringsW + 94 75580D12 3 Bytes [3A, 00, 5C] {CMP AL, [EAX]; POP ESP}
.text KernelBase.dll!GetLogicalDriveStringsW + 9A 75580D18 75 Bytes [0F, B7, 45, E6, 03, F8, 0F, ...]
.text KernelBase.dll!EnumUILanguagesW + 15 75580D66 3 Bytes [5D, C2, 0C]
.text KernelBase.dll!EnumUILanguagesW + 19 75580D6A 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!Internal_EnumUILanguages + B 75580D7A 53 Bytes [A1, C0, 49, 5A, 75, 33, C5, ...]
.text KernelBase.dll!Internal_EnumUILanguages + 43 75580DB2 6 Bytes [3B, C6, 0F, 84, 05, C1]
.text KernelBase.dll!Internal_EnumUILanguages + 4B 75580DBA 14 Bytes [53, 8B, 5D, 0C, F7, C3, 03, ...]
.text KernelBase.dll!Internal_EnumUILanguages + 5B 75580DCA 10 Bytes [57, 8B, FB, 83, E7, 04, 0F, ...]
.text KernelBase.dll!Internal_EnumUILanguages + 67 75580DD6 16 Bytes [F6, C3, 10, 0F, 84, EE, 88, ...]
.text ...
.text KernelBase.dll!FindNextFileW + 46 755812F8 265 Bytes [04, 0F, 84, 00, 01, 00, 00, ...]
.text KernelBase.dll!FindNextFileW + 150 75581402 34 Bytes [8B, 47, 14, F7, D8, 1B, C0, ...]
.text KernelBase.dll!FindNextFileW + 173 75581425 51 Bytes CALL B05814C1
.text KernelBase.dll!FindNextFileW + 1A7 75581459 14 Bytes CALL 755667E9 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindNextFileW + 1B6 75581468 180 Bytes [00, 00, 56, 8B, 4D, E0, 81, ...]
.text ...
.text KernelBase.dll!SetEndOfFile + 58 75581689 7 Bytes [D6, 85, C0, 0F, 8C, 10, 1D]
.text KernelBase.dll!SetEndOfFile + 61 75581692 25 Bytes [8B, 45, F8, 89, 45, E8, 8B, ...]
.text KernelBase.dll!SetEndOfFile + 7B 755816AC 8 Bytes [D6, 85, C0, 0F, 8C, ED, 1C, ...]
.text KernelBase.dll!SetEndOfFile + 84 755816B5 8 Bytes [33, C0, 40, 5E, 5F, C9, C2, ...]
.text KernelBase.dll!SetEndOfFile + 8D 755816BE 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!DestroyPrivateObjectSecurity + 15 755816D8 7 Bytes [00, 33, C0, 40, 5D, C2, 04]
.text KernelBase.dll!DestroyPrivateObjectSecurity + 1D 755816E0 46 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!CreatePrivateObjectSecurityEx + 2B 75581710 6 Bytes [33, C0, 40, 5D, C2, 20]
.text KernelBase.dll!CreatePrivateObjectSecurityEx + 32 75581717 51 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!FlushViewOfFile + 30 7558174C 15 Bytes [33, C0, 40, C9, C2, 08, 00, ...]
.text KernelBase.dll!FlushViewOfFile + 40 7558175C 2 Bytes [08, 00] {OR [EAX], AL}
.text KernelBase.dll!FlushViewOfFile + 43 7558175F 35 Bytes CALL 75567086 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FlushViewOfFile + 67 75581783 48 Bytes JMP 75567ED2 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!SetFileAttributesW + 24 755817B4 58 Bytes [00, 8B, 45, F4, 89, 45, 08, ...]
.text KernelBase.dll!SetFileAttributesW + 5F 755817EF 12 Bytes [01, 10, 00, 57, 8D, 45, FC, ...]
.text KernelBase.dll!SetFileAttributesW + 6C 755817FC 7 Bytes [00, 00, C7, 45, CC, 40, 00]
.text KernelBase.dll!SetFileAttributesW + 74 75581804 18 Bytes [00, 89, 5D, D0, 89, 5D, D4, ...]
.text KernelBase.dll!SetFileAttributesW + 88 75581818 107 Bytes [8D, 45, D8, 50, FF, 15, F4, ...]
.text ...
.text KernelBase.dll!SetFileTime + B 75581894 35 Bytes [00, 10, 83, EC, 30, 83, F8, ...]
.text KernelBase.dll!SetFileTime + 2F 755818B8 11 Bytes [00, 8B, 45, 10, 85, C0, 0F, ...]
.text KernelBase.dll!SetFileTime + 3B 755818C4 46 Bytes [8B, 45, 14, 85, C0, 74, 0B, ...]
.text KernelBase.dll!SetFileTime + 6A 755818F3 94 Bytes [33, C0, 40, C9, C2, 10, 00, ...]
.text KernelBase.dll!AddMandatoryAce + 18 75581952 21 Bytes [10, 13, 56, 75, 85, C0, 0F, ...]
.text KernelBase.dll!AddMandatoryAce + 2E 75581968 83 Bytes JMP 7556A289 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!AddMandatoryAce + 82 755819BC 58 Bytes JMP 7556D321 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!LocalUnlock + 1D 755819F8 18 Bytes [FF, 35, 34, 40, 5A, 75, FF, ...]
.text KernelBase.dll!LocalUnlock + 31 75581A0C 23 Bytes [00, 00, 8D, 73, FC, 56, 68, ...]
.text KernelBase.dll!LocalUnlock + 4A 75581A25 30 Bytes [8D, 46, 02, 0F, B7, 08, 8D, ...]
.text KernelBase.dll!LocalUnlock + 69 75581A44 27 Bytes [00, 00, 89, 7D, FC, C7, 45, ...]
.text KernelBase.dll!LocalUnlock + 85 75581A60 7 Bytes [FE, FF, FF, FF, 00, 00, 00]
.text ...
.text KernelBase.dll!LocalLock + 1D 75581AB3 19 Bytes [FF, 35, 34, 40, 5A, 75, FF, ...]
.text KernelBase.dll!LocalLock + 32 75581AC8 23 Bytes [00, 8D, 73, FC, 56, 68, A0, ...]
.text KernelBase.dll!LocalLock + 4A 75581AE0 38 Bytes [8B, 46, 04, 89, 45, E4, 3B, ...]
.text KernelBase.dll!LocalLock + 71 75581B07 12 Bytes [89, 7D, FC, C7, 45, FC, FE, ...]
.text KernelBase.dll!LocalLock + 7E 75581B14 27 Bytes [00, 00, 8B, 45, E4, E8, D2, ...]
.text ...
.text KernelBase.dll!OutputDebugStringW + 6 75581C55 4 Bytes [EC, 10, 56, 57] {IN AL, DX ; ADC [ESI+0x57], DL}
.text KernelBase.dll!OutputDebugStringW + B 75581C5A 133 Bytes [75, 08, 33, C0, 66, 89, 45, ...]
.text KernelBase.dll!QueueUserAPC + 1D 75581CE0 18 Bytes [6A, 00, 6A, 01, FF, 15, 58, ...]
.text KernelBase.dll!QueueUserAPC + 31 75581CF4 11 Bytes [F6, 45, FC, 01, 8B, 45, F8, ...]
.text KernelBase.dll!QueueUserAPC + 3D 75581D00 43 Bytes [00, 50, FF, 75, 10, FF, 75, ...]
.text KernelBase.dll!QueueUserAPC + 69 75581D2C 7 Bytes [04, 00, 00, 0F, 83, D0, 7A] {ADD AL, 0x0; ADD [EDI], CL; ADC EAX, 0x7a}
.text KernelBase.dll!QueueUserAPC + 71 75581D34 6 Bytes [00, 8B, 86, 94, 0F, 00] {ADD [EBX+0xf9486], CL}
.text ...
.text KernelBase.dll!WriteProcessMemory + 37 75581E2C 10 Bytes [00, 8B, 45, 14, A8, CC, 0F, ...]
.text KernelBase.dll!WriteProcessMemory + 43 75581E38 319 Bytes [8D, 4D, 14, 51, 50, 8D, 45, ...]
.text KernelBase.dll!WriteProcessMemory + 183 75581F78 10 Bytes [00, 42, 42, 41, FF, 4D, 0C, ...]
.text KernelBase.dll!WriteProcessMemory + 18E 75581F83 16 Bytes JMP 7556AA6D \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!IsDebuggerPresent + 5 75581F94 36 Bytes [00, 8B, 40, 30, 0F, B6, 40, ...]
.text KernelBase.dll!IsDebuggerPresent + 2A 75581FB9 1 Byte [00]
.text KernelBase.dll!IsDebuggerPresent + 2A 75581FB9 21 Bytes [00, 00, 39, 7D, 14, 74, 2D, ...]
.text KernelBase.dll!IsDebuggerPresent + 41 75581FD0 23 Bytes [85, F6, 0F, 84, BE, E9, FE, ...]
.text

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebit log

#9 Post by otulka »

.text KernelBase.dll!IsDebuggerPresent + 59 75581FE8 26 Bytes [00, 00, 83, C4, 0C, 6A, 10, ...]
.text ...
.text KernelBase.dll!GetThreadId + A 75582034 7 Bytes [6A, 1C, 8D, 45, E4, 50, 6A]
.text KernelBase.dll!GetThreadId + 12 7558203C 15 Bytes [FF, 75, 08, FF, 15, 30, 13, ...]
.text KernelBase.dll!GetThreadId + 22 7558204C 7 Bytes [00, 8B, 45, F0, C9, C2, 04]
.text KernelBase.dll!GetThreadId + 2A 75582054 14 Bytes [89, 95, 38, FF, FF, FF, C7, ...]
.text KernelBase.dll!GetThreadId + 3A 75582064 10 Bytes [39, BD, 3C, FF, FF, FF, 0F, ...]
.text ...
.text KernelBase.dll!ConvertDefaultLocale + 7 755820F7 139 Bytes CALL 75566E00 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!ConvertDefaultLocale + 94 75582184 50 Bytes JMP 755747A2 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!ConvertDefaultLocale + C7 755821B7 20 Bytes [C0, 74, 09, 85, C0, 74, 05, ...]
.text KernelBase.dll!ConvertDefaultLocale + DC 755821CC 7 Bytes [D0, 21, 58, 75, 4E, 00, 6F]
.text KernelBase.dll!ConvertDefaultLocale + E4 755821D4 3 Bytes [44, 00, 65]
.text ...
.text KernelBase.dll!SetThreadStackGuarantee + 17 7558226C 6 Bytes [00, 83, B8, D8, 0F, 00] {ADD [EBX+0xfd8b8], AL}
.text KernelBase.dll!SetThreadStackGuarantee + 1F 75582274 7 Bytes [53, 56, 57, 0F, 87, F7, 52]
.text KernelBase.dll!SetThreadStackGuarantee + 27 7558227C 26 Bytes [00, 8D, 45, CC, 50, E8, 9C, ...]
.text KernelBase.dll!SetThreadStackGuarantee + 43 75582298 27 Bytes [8B, B1, 78, 0F, 00, 00, 6A, ...]
.text KernelBase.dll!SetThreadStackGuarantee + 5F 755822B4 21 Bytes [00, 00, 3B, FE, 72, 7F, 8B, ...]
.text ...
.text KernelBase.dll!SetEnvironmentStringsW + 26 7558237B 3 Bytes [BB, FF, 7F]
.text KernelBase.dll!SetEnvironmentStringsW + 2B 75582380 46 Bytes [8D, 46, 02, 6A, 3D, 50, FF, ...]
.text KernelBase.dll!SetEnvironmentStringsW + 5A 755823AF 7 Bytes [8D, 74, 7E, 02, 66, 83, 3E]
.text KernelBase.dll!SetEnvironmentStringsW + 62 755823B7 28 Bytes [74, 1C, 8B, C6, 8D, 50, 02, ...]
.text KernelBase.dll!SetEnvironmentStringsW + 7F 755823D4 22 Bytes [00, 2B, 75, 08, 46, 46, 56, ...]
.text ...
.text KernelBase.dll!CancelIoEx + 2C 75582427 39 Bytes [33, C0, 40, EB, F7, 56, E8, ...]
.text KernelBase.dll!TerminateProcess + F 75582450 10 Bytes [FF, 75, 0C, FF, 75, 08, E8, ...]
.text KernelBase.dll!TerminateProcess + 1A 7558245B 19 Bytes [FF, 75, 0C, FF, 75, 08, FF, ...]
.text KernelBase.dll!TerminateProcess + 2E 7558246F 139 Bytes [33, C0, 40, 5D, C2, 08, 00, ...]
.text KernelBase.dll!TerminateProcess + BA 755824FB 7 Bytes [3B, C7, 0F, 84, AF, 72, 00]
.text KernelBase.dll!TerminateProcess + C2 75582503 12 Bytes CALL 75582483 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text KernelBase.dll!ImpersonateLoggedOnUser + 54 7558268F 43 Bytes [33, C0, 40, 5F, 5E, 5B, C9, ...]
.text KernelBase.dll!ImpersonateLoggedOnUser + 80 755826BB 74 Bytes [89, 5D, D8, 89, 5D, E0, 89, ...]
.text KernelBase.dll!IsTokenRestricted + 12 75582706 13 Bytes [33, DB, 53, 53, 6A, 0B, FF, ...]
.text KernelBase.dll!IsTokenRestricted + 20 75582714 6 Bytes [00, C0, 0F, 85, 7C, 8D]
.text KernelBase.dll!IsTokenRestricted + 28 7558271C 18 Bytes [57, FF, 75, FC, 53, E8, 0B, ...]
.text KernelBase.dll!IsTokenRestricted + 3C 75582730 86 Bytes [8D, 45, FC, 50, FF, 75, FC, ...]
.text KernelBase.dll!ChangeTimerQueueTimer + 24 75582787 19 Bytes [33, C0, 40, 5D, C2, 10, 00, ...]
.text KernelBase.dll!ChangeTimerQueueTimer + 39 7558279C 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!ChangeTimerQueueTimer + 51 755827B4 27 Bytes [33, C0, FF, 75, 18, FF, 76, ...]
.text KernelBase.dll!ChangeTimerQueueTimer + 6D 755827D0 26 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!ChangeTimerQueueTimer + 89 755827EC 27 Bytes [8B, 40, 30, 6A, 00, FF, 70, ...]
.text ...
.text KernelBase.dll!DisconnectNamedPipe + 16 75582823 8 Bytes [8D, 45, FC, 50, C7, 45, DC, ...]
.text KernelBase.dll!DisconnectNamedPipe + 1F 7558282C 30 Bytes [00, 00, 89, 75, E0, 89, 75, ...]
.text KernelBase.dll!DisconnectNamedPipe + 3E 7558284B 7 Bytes [57, 56, 56, 56, 56, 68, 04]
.text KernelBase.dll!DisconnectNamedPipe + 46 75582853 6 Bytes [11, 00, 8D, 45, F4, 50] {ADC [EAX], EAX; LEA EAX, [EBP-0xc]; PUSH EAX}
.text KernelBase.dll!DisconnectNamedPipe + 4D 7558285A 20 Bytes [56, FF, 75, FC, FF, 75, 08, ...]
.text ...
.text KernelBase.dll!ImpersonateNamedPipeClient + 13 755828B3 23 Bytes [8D, 45, F8, 50, 56, 56, 56, ...]
.text KernelBase.dll!ImpersonateNamedPipeClient + 2C 755828CC 6 Bytes [33, C0, 40, C9, C2, 04]
.text KernelBase.dll!ImpersonateNamedPipeClient + 33 755828D3 32 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!ConnectNamedPipe + 1C 755828F4 7 Bytes [00, 3B, F3, 0F, 84, C9, 05]
.text KernelBase.dll!ConnectNamedPipe + 24 755828FC 27 Bytes [00, 8B, 46, 10, 24, 01, 0F, ...]
.text KernelBase.dll!ConnectNamedPipe + 40 75582918 10 Bytes [00, 8B, 4E, 10, 53, 53, 53, ...]
.text KernelBase.dll!ConnectNamedPipe + 4B 75582923 1 Byte [11]
.text KernelBase.dll!ConnectNamedPipe + 4B 75582923 87 Bytes [11, 00, 52, 50, 53, 51, FF, ...]
.text KernelBase.dll!GetNamedPipeClientComputerNameW + 22 7558297C 14 Bytes [8B, F0, 85, F6, 75, 17, E8, ...]
.text KernelBase.dll!GetNamedPipeClientComputerNameW + 32 7558298C 6 Bytes [75, 0B, 68, E5, 00, 00]
.text KernelBase.dll!GetNamedPipeClientComputerNameW + 39 75582993 12 Bytes [FF, 15, 48, 10, 56, 75, 8B, ...]
.text KernelBase.dll!GetNamedPipeClientComputerNameW + 46 755829A0 18 Bytes [43, 6C, 69, 65, 6E, 74, 43, ...]
.text KernelBase.dll!GetNamedPipeClientComputerNameW + 59 755829B3 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!GetNamedPipeAttribute + 1B 755829D3 35 Bytes [8B, 45, 10, 56, 8D, 70, 01, ...]
.text KernelBase.dll!GetNamedPipeAttribute + 3F 755829F7 3 Bytes [6A, 00, 6A]
.text KernelBase.dll!GetNamedPipeAttribute + 43 755829FB 28 Bytes [FF, 75, 08, FF, 15, 6C, 10, ...]
.text KernelBase.dll!GetNamedPipeAttribute + 60 75582A18 126 Bytes [11, 00, EB, B7, 8B, 45, FC, ...]
.text KernelBase.dll!AccessCheckAndAuditAlarmW + 6C 75582A97 3 Bytes [83, 7D, 08]
.text KernelBase.dll!AccessCheckAndAuditAlarmW + 70 75582A9B 42 Bytes [0F, 8C, 0B, 52, FF, FF, 8B, ...]
.text KernelBase.dll!AccessCheckAndAuditAlarmW + 9B 75582AC6 13 Bytes [8B, 55, 0C, 81, FA, FF, FF, ...]
.text KernelBase.dll!AccessCheckAndAuditAlarmW + A9 75582AD4 3 Bytes CALL 75582AEB \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!AccessCheckAndAuditAlarmW + AD 75582AD8 1 Byte [00]
.text ...
.text KernelBase.dll!CreateWaitableTimerExW + 17 75582B68 69 Bytes [00, 83, 7D, 0C, 00, 0F, 85, ...]
.text KernelBase.dll!CreateWaitableTimerExW + 5D 75582BAE 7 Bytes [00, 40, 0F, 84, D4, 60, 00]
.text KernelBase.dll!CreateWaitableTimerExW + 65 75582BB6 1 Byte [6A]
.text KernelBase.dll!CreateWaitableTimerExW + 65 75582BB6 15 Bytes [6A, 00, FF, 15, 48, 10, 56, ...]
.text KernelBase.dll!CreateWaitableTimerExW + 75 75582BC6 3 Bytes [64, A1, 18]
.text ...
.text KernelBase.dll!PrivilegeCheck + 2A 75582C3A 7 Bytes [00, 33, C0, 40, C9, C2, 0C]
.text KernelBase.dll!PrivilegeCheck + 32 75582C42 270 Bytes [0F, B7, D2, 0F, B6, DA, 89, ...]
.text KernelBase.dll!GetUserDefaultLangID + F 75582D51 105 Bytes [00, 00, 00, FF, 75, 0C, FF, ...]
.text KernelBase.dll!GetUserDefaultLangID + 79 75582DBB 471 Bytes JMP 7556C52F \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!UnlockFileEx + 19 75582F93 231 Bytes [83, 7D, 0C, 00, 0F, 85, D3, ...]
.text KernelBase.dll!LockFile + 5C 7558307B 20 Bytes [3B, C6, 0F, 8C, B4, 03, 00, ...]
.text KernelBase.dll!LockFile + 71 75583090 45 Bytes [00, 0F, 84, 92, 9E, FE, FF, ...]
.text KernelBase.dll!LockFile + 9F 755830BE 61 Bytes [04, 00, 00, 85, C0, 0F, 84, ...]
.text KernelBase.dll!LockFile + DD 755830FC 149 Bytes [00, 8D, 85, 7C, FF, FF, FF, ...]
.text KernelBase.dll!LockFile + 173 75583192 152 Bytes [00, 14, 00, 0B, C7, 50, FF, ...]
.text ...
.text KernelBase.dll!GetCPFileNameFromRegistry + 3B 7558353D 153 Bytes [85, C0, 0F, 84, B5, 0A, 00, ...]
.text KernelBase.dll!GetCPFileNameFromRegistry + D5 755835D7 264 Bytes [05, 33, C0, 40, C9, C3, 6A, ...]
.text KernelBase.dll!GetCPFileNameFromRegistry + 1DE 755836E0 57 Bytes [00, 8B, 40, 30, 57, FF, 70, ...]
.text KernelBase.dll!GetCPFileNameFromRegistry + 218 7558371A 87 Bytes [A1, 18, 00, 00, 00, 8B, 40, ...]
.text KernelBase.dll!GetDiskFreeSpaceA + 11 75583772 157 Bytes [FF, 75, 08, 8D, 45, F8, 50, ...]
.text KernelBase.dll!GetDiskFreeSpaceA + AF 75583810 94 Bytes JMP 7558389B \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetDiskFreeSpaceA + 10E 7558386F 12 Bytes [33, C9, 39, 4D, FC, 0F, 85, ...]
.text KernelBase.dll!GetDiskFreeSpaceA + 11B 7558387C 119 Bytes [14, 74, 82, 3B, 45, 14, 7D, ...]
.text KernelBase.dll!GetDiskFreeSpaceA + 193 755838F4 19 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ...
.text KernelBase.dll!WaitNamedPipeW + 118 75583D82 78 Bytes [30, FF, 70, 18, FF, 15, 20, ...]
.text KernelBase.dll!WaitNamedPipeW + 167 75583DD1 80 Bytes [8D, 45, C8, 50, 57, 57, 57, ...]
.text KernelBase.dll!WaitNamedPipeW + 1B8 75583E22 11 Bytes [69, 00, 63, 00, 65, 00, 73, ...]
.text KernelBase.dll!WaitNamedPipeW + 1C4 75583E2E 17 Bytes [69, 00, 70, 00, 65, 00, 5C, ...]
.text KernelBase.dll!WaitNamedPipeW + 1D6 75583E40 6 Bytes [70, 00, 69, 00, 70, 00]
.text ...
.text KernelBase.dll!AreFileApisANSI + 26 755840A6 35 Bytes CALL 75566A7B \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!AreFileApisANSI + 4A 755840CA 92 Bytes [C0, 0F, 84, 17, 40, 00, 00, ...]
.text KernelBase.dll!InvalidateTzSpecificCache + 1D 75584127 49 Bytes [00, 8D, 46, 08, 6A, 00, 50, ...]
.text KernelBase.dll!GetWindowsDirectoryA + 15 75584159 220 Bytes [5D, 90, 90, 90, 90, 90, 8B, ...]
.text KernelBase.dll!CreatePrivateObjectSecurity + 25 75584236 97 Bytes [33, C0, 40, 5D, C2, 18, 00, ...]
.text KernelBase.dll!CreateDirectoryA + 56 75584298 21 Bytes [8D, 85, 9C, FD, FF, FF, 50, ...]
.text KernelBase.dll!CreateDirectoryA + 6C 755842AE 314 Bytes [00, 66, 89, 85, A6, FD, FF, ...]
.text KernelBase.dll!CreateDirectoryA + 1A7 755843E9 591 Bytes [00, 8B, 40, 30, 6A, 00, FF, ...]
.text KernelBase.dll!EnumSystemLocalesA + 5D 75584639 470 Bytes [8B, 4D, 10, 7E, 14, 8B, 55, ...]
.text KernelBase.dll!Internal_EnumSystemLocales + 157 75584810 161 Bytes [0F, 84, 62, 8D, 00, 00, 33, ...]
.text KernelBase.dll!DefineDosDeviceW + A 755848B2 101 Bytes [00, A1, C0, 49, 5A, 75, 33, ...]
.text KernelBase.dll!DefineDosDeviceW + 70 75584918 68 Bytes [56, 8B, 35, FC, 11, 56, 75, ...]
.text KernelBase.dll!DefineDosDeviceW + B5 7558495D 132 Bytes [FF, B5, 14, FF, FF, FF, 50, ...]
.text KernelBase.dll!DefineDosDeviceW + 13A 755849E2 74 Bytes [8D, 85, 54, FF, FF, FF, 50, ...]
.text KernelBase.dll!DefineDosDeviceW + 185 75584A2D 85 Bytes [12, 56, 75, 57, FF, 15, 14, ...]
.text ...
.text KernelBase.dll!EnumTimeFormatsW + 18 75584ADF 151 Bytes [10, 50, FF, 75, 08, E8, 5E, ...]
.text KernelBase.dll!EnumDateFormatsW + 85 75584B77 239 Bytes [83, BD, D8, FC, FF, FF, 00, ...]
.text KernelBase.dll!Internal_EnumCalendarInfo + 5C 75584C67 245 Bytes [00, 10, 0F, 85, 2F, 8A, 00, ...]
.text KernelBase.dll!Internal_EnumCalendarInfo + 152 75584D5D 117 Bytes [8B, 80, 08, 01, 00, 00, 8B, ...]
.text KernelBase.dll!Internal_EnumCalendarInfo + 1C8 75584DD3 16 Bytes [21, 39, 4D, 20, 0F, 84, 09, ...]
.text KernelBase.dll!Internal_EnumCalendarInfo + 1D9 75584DE4 81 Bytes [10, 50, FF, 95, 58, FF, FF, ...]
.text KernelBase.dll!Internal_EnumCalendarInfo + 22B 75584E36 306 Bytes [7C, 8B, 40, 18, 8D, 04, 48, ...]
.text KernelBase.dll!Internal_EnumTimeFormats + 22 75584F69 771 Bytes [F6, C2, 02, 0F, 85, DB, 8F, ...]
.text KernelBase.dll!IsValidLocaleName + 5F 7558526D 82 Bytes JMP 755854A2 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetCalendarInfoEx + 2F 755852C0 59 Bytes [14, FF, 75, 10, FF, 75, 0C, ...]
.text KernelBase.dll!GetCalendarInfoEx + 6B 755852FC 121 Bytes [00, 83, A5, 58, FF, FF, FF, ...]
.text KernelBase.dll!GetCalendarInfoEx + E5 75585376 2 Bytes [18, FF] {SBB BH, BH}
.text KernelBase.dll!GetCalendarInfoEx + E8 75585379 214 Bytes [14, 52, 50, 57, 68, 1E, 04, ...]
.text KernelBase.dll!EnumDateFormatsExEx + 97 75585450 303 Bytes [37, 66, 85, F6, 74, 36, 03, ...]
.text KernelBase.dll!FoldStringW + 21 75585580 52 Bytes [00, 00, 8B, 5D, 0C, 85, DB, ...]
.text KernelBase.dll!FoldStringW + 56 755855B5 58 Bytes [00, 3B, C1, 0F, 87, 1E, 8D, ...]
.text KernelBase.dll!FoldStringW + 92 755855F1 41 Bytes CALL 7558561D \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FoldStringW + BC 7558561B 99 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!FoldStringW + 120 7558567F 313 Bytes [50, A1, 18, AF, 56, 75, FF, ...]
.text ...
.text KernelBase.dll!LCMapStringA + 48 75585962 12 Bytes [00, 74, 08, 3B, F1, 0F, 84, ...]
.text KernelBase.dll!LCMapStringA + 55 7558596F 30 Bytes [03, 00, 00, 3B, FE, 0F, 84, ...]
.text KernelBase.dll!LCMapStringA + 74 7558598E 200 Bytes [00, 8D, 85, FC, FD, FF, FF, ...]
.text KernelBase.dll!LCMapStringA + 13D 75585A57 414 Bytes [68, EC, 03, 00, 00, E9, 64, ...]
.text KernelBase.dll!GetUserDefaultLocaleName + C0 75585BF6 678 Bytes JMP 75584E10 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetPtrCalDataArray + 29C 75585E9D 15 Bytes [3B, 0A, 0F, 85, B9, 00, 00, ...]
.text KernelBase.dll!GetPtrCalDataArray + 2AC 75585EAD 41 Bytes [44, 33, DB, F3, A7, 0F, 85, ...]
.text KernelBase.dll!GetPtrCalDataArray + 2D6 75585ED7 91 Bytes [0F, 85, 81, 00, 00, 00, 8B, ...]
.text KernelBase.dll!GetPtrCalDataArray + 332 75585F33 19 Bytes [00, 66, 85, C9, 74, 17, 66, ...]
.text KernelBase.dll!GetPtrCalDataArray + 346 75585F47 48 Bytes [03, C3, 03, D3, 66, 85, C9, ...]
.text ...
.text KernelBase.dll!GetTimeZoneInformationForYear + 140 755861C4 79 Bytes [FE, FF, 89, 45, F4, 8B, 45, ...]
.text KernelBase.dll!GetProcessHeaps + 31 75586214 166 Bytes JMP 7556F9C3 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetNumberFormatW + 9A 755862BB 157 Bytes [00, 00, 8B, 40, 30, 56, 53, ...]
.text KernelBase.dll!ReadFileEx + 24 75586359 38 Bytes [18, 89, 4D, F8, 85, C0, 74, ...]
.text KernelBase.dll!ReadFileEx + 4B 75586380 282 Bytes [00, 6A, 00, 8D, 45, F4, 50, ...]
.text KernelBase.dll!WriteFileEx + 57 7558649B 217 Bytes [0C, 56, FF, 75, 18, 53, 6A, ...]
.text KernelBase.dll!FindNLSStringEx 75586577 13 Bytes [8B, FF, 55, 8B, EC, 8D, 45, ...]
.text KernelBase.dll!FindNLSStringEx + E 75586585 156 Bytes [85, C0, 0F, 85, BE, 9B, 00, ...]
.text KernelBase.dll!FindNLSString + 53 75586622 6 Bytes [15, 80, 10, 56, 75, 53] {ADC EAX, 0x75561080; PUSH EBX}
.text KernelBase.dll!FindNLSString + 5A 75586629 34 Bytes [75, FC, 8D, 45, C8, 6A, 01, ...]
.text KernelBase.dll!FindNLSString + 7E 7558664D 2 Bytes [30, 53]
.text KernelBase.dll!FindNLSString + 81 75586650 66 Bytes JMP 75580B73 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindNLSString + C5 75586694 108 Bytes [8B, BD, 70, FD, FF, FF, E9, ...]
.text KernelBase.dll!GetDiskFreeSpaceExA + 11 75586702 11 Bytes [FF, 75, 08, 8D, 45, F8, 50, ...]
.text KernelBase.dll!GetDiskFreeSpaceExA + 1D 7558670E 22 Bytes [85, C0, 74, 21, 56, FF, 75, ...]
.text KernelBase.dll!GetDiskFreeSpaceExA + 34 75586725 44 Bytes [F0, 8D, 45, F8, 50, FF, 15, ...]
.text KernelBase.dll!GetDiskFreeSpaceExA + 61 75586752 12 Bytes [06, 89, 56, 04, C6, 46, 0C, ...]
.text KernelBase.dll!GetDiskFreeSpaceExA + 6E 7558675F 84 Bytes [68, E0, 47, 5A, 75, FF, 15, ...]
.text ...
.text KernelBase.dll!GetQueuedCompletionStatusEx + C 75590917 24 Bytes [C7, 45, B8, 24, 00, 00, 00, ...]
.text KernelBase.dll!GetQueuedCompletionStatusEx + 25 75590930 19 Bytes [39, 7D, 0C, 75, 0F, 6A, 57, ...]
.text KernelBase.dll!GetQueuedCompletionStatusEx + 39 75590944 34 Bytes [39, 7D, 14, 74, EC, 39, 7D, ...]
.text KernelBase.dll!GetQueuedCompletionStatusEx + 5C 75590967 34 Bytes [15, 5C, 10, 56, 75, 89, 7D, ...]
.text KernelBase.dll!GetQueuedCompletionStatusEx + 7F 7559098A 84 Bytes [15, 58, 10, 56, 75, 3B, C7, ...]
.text ...
.text KernelBase.dll!Beep + 50 75590A71 9 Bytes [01, 00, 8D, 45, D0, 50, 56, ...] {ADD [EAX], EAX; LEA EAX, [EBP-0x30]; PUSH EAX; PUSH ESI; PUSH ESI; PUSH ESI}
.text KernelBase.dll!Beep + 5A 75590A7B 23 Bytes [75, E4, FF, 15, AC, 10, 56, ...]
.text KernelBase.dll!Beep + 72 75590A93 14 Bytes [74, 14, 39, 75, 08, 75, 05, ...] {JZ 0x16; CMP [EBP+0x8], ESI; JNZ 0xc; CMP [EBP+0xc], ESI; JZ 0x16; PUSH 0x1}
.text KernelBase.dll!Beep + 81 75590AA2 6 Bytes [75, 0C, E8, 78, 0D, FD]
.text KernelBase.dll!Beep + 88 75590AA9 105 Bytes [C7, 45, E0, 01, 00, 00, 00, ...]

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebytes log

#10 Post by otulka »

.text ...
.text KernelBase.dll!SetLocalTime + 4F 75590C10 49 Bytes [66, 89, 4D, DE, 66, 8B, 48, ...]
.text KernelBase.dll!SetLocalTime + 81 75590C42 63 Bytes [00, 00, C0, EB, 4A, 8B, 45, ...]
.text KernelBase.dll!SetLocalTime + C1 75590C82 135 Bytes [FF, 75, F8, 8B, F0, FF, 15, ...]
.text KernelBase.dll!BaseInvalidateProcessSearchPathCache + 48 75590D0A 11 Bytes JMP 3025FF5D
.text KernelBase.dll!BaseInvalidateProcessSearchPathCache + 54 75590D16 5 Bytes [8B, 45, 08, 0F, B7]
.text KernelBase.dll!BaseInvalidateProcessSearchPathCache + 5A 75590D1C 2 Bytes [8D, 44]
.text KernelBase.dll!BaseInvalidateProcessSearchPathCache + 5D 75590D1F 4 Bytes [02, 5D, C2, 04]
.text KernelBase.dll!BaseInvalidateProcessSearchPathCache + 62 75590D24 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text ...
.text KernelBase.dll!SetFileApisToANSI + 13 75590DCA 142 Bytes [8B, 0D, 00, 10, 56, 75, 89, ...]
.text KernelBase.dll!SetStdHandleEx + 68 75590E59 170 Bytes [48, 10, 8B, 75, 0C, 8B, 41, ...]
.text KernelBase.dll!SetStdHandleEx + 113 75590F04 11 Bytes [C2, 0C, 00, 90, 90, 90, 90, ...] {RET 0xc; NOP ; NOP ; NOP ; NOP ; NOP ; LEA ECX, [EBP-0x40]}
.text KernelBase.dll!SetStdHandleEx + 11F 75590F10 27 Bytes [15, 54, 10, 56, 75, C3, 90, ...]
.text KernelBase.dll!SetStdHandleEx + 13B 75590F2C 120 Bytes [00, 00, 00, 00, 0C, 0F, 59, ...]
.text KernelBase.dll!Wow64RevertWow64FsRedirection + 6C 75590FA5 125 Bytes [3B, CF, 75, F6, 53, 2B, C2, ...]
.text KernelBase.dll!Wow64RevertWow64FsRedirection + EA 75591023 9 Bytes [83, C4, 0C, BE, A0, 02, 00, ...]
.text KernelBase.dll!Wow64RevertWow64FsRedirection + F4 7559102D 21 Bytes [39, 7D, FC, 74, 16, FF, 75, ...]
.text KernelBase.dll!Wow64RevertWow64FsRedirection + 10A 75591043 9 Bytes [15, 14, 10, 56, 75, E8, 9C, ...]
.text KernelBase.dll!Wow64RevertWow64FsRedirection + 114 7559104D 9 Bytes [8B, 40, 2C, 64, 8B, 0D, 18, ...]
.text ...
.text KernelBase.dll!GetFinalPathNameByHandleA + 5F 755912A7 11 Bytes CALL 7557C750 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetFinalPathNameByHandleA + 6B 755912B3 76 Bytes [0C, 00, 3B, CE, 77, A6, 8B, ...]
.text KernelBase.dll!GetFinalPathNameByHandleA + B8 75591300 2 Bytes [70, 18] {JO 0x1a}
.text KernelBase.dll!GetFinalPathNameByHandleA + BB 75591303 52 Bytes [15, 14, 10, 56, 75, 8B, C6, ...]
.text KernelBase.dll!GetFinalPathNameByHandleA + F0 75591338 11 Bytes [46, 01, 3B, 45, 10, 77, 14, ...] {INC ESI; ADD [EBX], EDI; INC EBP; ADC [EDI+0x14], DH; MOV EBX, [EBP+0xc]; PUSH ESI}
.text ...
.text KernelBase.dll!MapViewOfFileExNuma + 2 7559136A 33 Bytes [55, 8B, EC, 51, 51, 8B, 4D, ...]
.text KernelBase.dll!MapViewOfFileExNuma + 25 7559138D 19 Bytes [14, 89, 45, F8, 8B, 45, 10, ...] {ADC AL, 0x89; INC EBP; CLC ; MOV EAX, [EBP+0x10]; MOV [EBP-0x4], EAX; MOV EAX, [EBP+0x18]; MOV [EBP+0x14], EAX; MOV EAX, [EBP+0x1c]}
.text KernelBase.dll!MapViewOfFileExNuma + 39 755913A1 4 Bytes [45, 20, 8B, 45]
.text KernelBase.dll!MapViewOfFileExNuma + 3E 755913A6 156 Bytes [83, F8, 21, 75, 05, 83, C0, ...]
.text KernelBase.dll!VirtualAllocExNuma + 1A 75591443 81 Bytes [74, 0F, 83, F8, 10, 72, 0A, ...]
.text KernelBase.dll!SetProcessAffinityUpdateMode + 1 75591495 15 Bytes [FF, 55, 8B, EC, F7, 45, 0C, ...]
.text KernelBase.dll!SetProcessAffinityUpdateMode + 12 755914A6 5 Bytes [C0, E8, D2, 55, FD] {SHR AL, 0xd2; PUSH EBP; STD }
.text KernelBase.dll!SetProcessAffinityUpdateMode + 18 755914AC 9 Bytes [33, C0, EB, 29, F6, 45, 0C, ...]
.text KernelBase.dll!SetProcessAffinityUpdateMode + 22 755914B6 222 Bytes [58, 0F, 94, C0, 6A, 04, 40, ...]
.text KernelBase.dll!FatalAppExitW + 4B 75591595 296 Bytes CALL 3ECE6BAB
.text KernelBase.dll!FatalAppExitA + F1 755916BE 11 Bytes [00, C0, 8B, 5D, 0C, 3B, DF, ...]
.text KernelBase.dll!FatalAppExitA + FD 755916CA 7 Bytes [00, 39, 7D, 08, 0F, 84, D9]
.text KernelBase.dll!FatalAppExitA + 105 755916D2 1 Byte [00]
.text KernelBase.dll!FatalAppExitA + 105 755916D2 71 Bytes [00, 00, 89, 7D, FC, 33, C0, ...]
.text KernelBase.dll!FatalAppExitA + 14D 7559171A 1 Byte [00]
.text ...
.text KernelBase.dll!OpenWaitableTimerW + 11 755917F2 75 Bytes CALL 75566A7C \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!OpenWaitableTimerW + 5D 7559183E 30 Bytes CALL 755667E5 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!OpenWaitableTimerW + 7C 7559185D 18 Bytes [FC, 50, FF, 15, 9C, 12, 56, ...]
.text KernelBase.dll!OpenWaitableTimerW + 8F 75591870 39 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!OpenWaitableTimerW + B7 75591898 5 Bytes [00, 8B, 40, 30, 68]
.text ...
.text KernelBase.dll!SetThreadPriorityBoost + 26 75591978 4 Bytes CALL 75566A7E \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!SetThreadPriorityBoost + 2B 7559197D 54 Bytes [33, C0, EB, 03, 33, C0, 40, ...]
.text KernelBase.dll!GetThreadPriorityBoost + 27 755919B4 8 Bytes [45, 0C, 8B, 4D, 08, 89, 08, ...]
.text KernelBase.dll!GetThreadPriorityBoost + 30 755919BD 25 Bytes [40, 5D, C2, 08, 00, 90, 90, ...]
.text KernelBase.dll!CreateThread + 10 755919D7 6 Bytes [FF, 75, 10, FF, 75, 0C] {PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}
.text KernelBase.dll!CreateThread + 17 755919DE 8 Bytes [75, 08, 6A, FF, E8, 48, A1, ...]
.text KernelBase.dll!CreateThread + 20 755919E7 10 Bytes [5D, C2, 18, 00, 90, 90, 90, ...]
.text KernelBase.dll!CreateRemoteThread + 2 755919F2 17 Bytes [55, 8B, EC, FF, 75, 20, 6A, ...] {PUSH EBP; MOV EBP, ESP; PUSH DWORD [EBP+0x20]; PUSH 0x0; PUSH DWORD [EBP+0x1c]; PUSH DWORD [EBP+0x18]; PUSH DWORD [EBP+0x14]}
.text KernelBase.dll!CreateRemoteThread + 14 75591A04 5 Bytes [75, 10, FF, 75, 0C] {JNZ 0x12; PUSH DWORD [EBP+0xc]}
.text KernelBase.dll!CreateRemoteThread + 1A 75591A0A 6 Bytes [75, 08, E8, 1E, A1, FD]
.text KernelBase.dll!CreateRemoteThread + 21 75591A11 146 Bytes [5D, C2, 1C, 00, 90, 90, 90, ...]
.text KernelBase.dll!HeapSummary + 39 75591AA4 27 Bytes [8B, 45, 08, 83, 4D, D4, FF, ...]
.text KernelBase.dll!HeapSummary + 55 75591AC0 24 Bytes [00, 00, C7, 45, E0, 1A, 1A, ...]
.text KernelBase.dll!HeapSummary + 6E 75591AD9 3 Bytes CALL 75566A7F \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!HeapSummary + 72 75591ADD 23 Bytes [EB, A7, 33, C0, 40, 5E, C9, ...]
.text KernelBase.dll!HeapQueryInformation + 9 75591AF5 56 Bytes [75, 14, FF, 75, 10, FF, 75, ...]
.text KernelBase.dll!FindNextVolumeW + E 75591B2E 11 Bytes [33, F6, 33, DB, 89, 75, FC, ...]
.text KernelBase.dll!FindNextVolumeW + 1A 75591B3A 17 Bytes [04, 02, 00, 00, 8D, 4F, 08, ...]
.text KernelBase.dll!FindNextVolumeW + 2D 75591B4D 61 Bytes [00, 66, 8B, 51, 04, 03, C7, ...]
.text KernelBase.dll!FindNextVolumeW + 6B 75591B8B 113 Bytes [6E, 66, 83, 78, 04, 3F, 75, ...]
.text KernelBase.dll!FindNextVolumeW + DD 75591BFD 18 Bytes [46, 83, C1, 18, 89, 75, FC, ...]
.text ...
.text KernelBase.dll!FindFirstVolumeW + 7A 75591E25 49 Bytes CALL 755683DE \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindFirstVolumeW + AC 75591E57 1 Byte [D3]
.text KernelBase.dll!FindFirstVolumeW + AC 75591E57 5 Bytes [D3, E8, 8C, 49, FD] {SHR EAX, CL; MOV WORD [ECX-0x3], CS}
.text KernelBase.dll!FindFirstVolumeW + B2 75591E5D 5 Bytes [64, 8B, 0D, 18, 00]
.text KernelBase.dll!FindFirstVolumeW + B9 75591E64 13 Bytes [FF, 75, F8, 8B, 40, 2C, 50, ...] {PUSH DWORD [EBP-0x8]; MOV EAX, [EAX+0x2c]; PUSH EAX; MOV EAX, [ECX+0x30]; PUSH DWORD [EAX+0x18]}
.text ...
.text KernelBase.dll!FindVolumeClose + 6 75591EF7 33 Bytes [75, 08, 64, A1, 18, 00, 00, ...]
.text KernelBase.dll!FindVolumeClose + 28 75591F19 71 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
.text KernelBase.dll!FindVolumeClose + 70 75591F61 6 Bytes [B7, 85, EC, FD, FF, FF]
.text KernelBase.dll!FindVolumeClose + 77 75591F68 3 Bytes [8D, F0, FD]
.text KernelBase.dll!FindVolumeClose + 7B 75591F6C 27 Bytes CALL 739A63FE
.text ...
.text KernelBase.dll!NotifyMountMgr + 2C 755924B5 55 Bytes [15, 98, 10, 56, 75, B8, FE, ...]
.text KernelBase.dll!NotifyMountMgr + 64 755924ED 24 Bytes [15, 20, 10, 56, 75, 8B, F0, ...]
.text KernelBase.dll!NotifyMountMgr + 7D 75592506 10 Bytes [70, 18, FF, 15, 14, 10, 56, ...]
.text KernelBase.dll!NotifyMountMgr + 89 75592512 49 Bytes [00, 6A, 08, 58, 66, 89, 06, ...]
.text KernelBase.dll!NotifyMountMgr + BB 75592544 75 Bytes [0F, B7, 46, 06, 50, 0F, B7, ...]
.text ...
.text KernelBase.dll!DeleteVolumeMountPointW + 2A 755927C9 80 Bytes [85, C0, 7D, 08, 50, E8, AB, ...]
.text KernelBase.dll!DeleteVolumeMountPointW + 7B 7559281A 16 Bytes [8B, 45, F4, 66, 83, 78, 02, ...]
.text KernelBase.dll!DeleteVolumeMountPointW + 8C 7559282B 24 Bytes [FF, 57, 68, 80, 00, 00, 00, ...]
.text KernelBase.dll!DeleteVolumeMountPointW + A5 75592844 6 Bytes [A8, 72, FD, FF, 3B, C7]
.text KernelBase.dll!DeleteVolumeMountPointW + AC 7559284B 38 Bytes [84, 59, 02, 00, 00, 50, E8, ...]
.text ...
.text KernelBase.dll!GetVolumePathNameW + 15 75593198 31 Bytes [5D, C2, 0C, 00, 90, 90, 90, ...]
.text KernelBase.dll!GetVolumePathNameW + 35 755931B8 55 Bytes [30, 6A, 00, FF, 70, 18, FF, ...]
.text KernelBase.dll!GetVolumePathNameW + 6D 755931F0 93 Bytes [F8, 8D, 7D, FA, AB, 66, AB, ...]
.text KernelBase.dll!GetVolumePathNameW + CB 7559324E 125 Bytes [FF, 00, 00, 66, 89, 4D, FA, ...]
.text KernelBase.dll!GetComputerNameExA + 2E 755932CC 61 Bytes [FF, FF, 40, 00, 00, 00, 85, ...]
.text KernelBase.dll!GetComputerNameExA + 6C 7559330A 8 Bytes [3B, C7, 0F, 85, 94, 00, 00, ...] {CMP EAX, EDI; JNZ 0x9c}
.text KernelBase.dll!GetComputerNameExA + 75 75593313 3 Bytes CALL 755667EA \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetComputerNameExA + 79 75593317 20 Bytes [64, 8B, 0D, 18, 00, 00, 00, ...]
.text KernelBase.dll!GetComputerNameExA + 8E 7559332C 25 Bytes [41, 30, FF, 70, 18, FF, 15, ...]
.text ...
.text KernelBase.dll!FindFirstChangeNotificationA + F 75593428 3 Bytes CALL 75566CF0 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindFirstChangeNotificationA + 13 7559342C 16 Bytes [85, C0, 75, 05, 83, C8, FF, ...] {TEST EAX, EAX; JNZ 0x9; OR EAX, -0x1; JMP 0x27; PUSH ESI; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}
.text KernelBase.dll!FindFirstChangeNotificationA + 24 7559343D 67 Bytes CALL 7557923B \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindFirstFileExA + 27 75593483 35 Bytes CALL 75566CEE \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!FindFirstFileExA + 4B 755934A7 42 Bytes [B5, 94, FD, FF, FF, E8, 61, ...]
.text KernelBase.dll!FindFirstFileExA + 76 755934D2 54 Bytes [00, 53, 6A, 2C, 8D, 85, AC, ...]
.text KernelBase.dll!FindFirstFileExA + AE 7559350A 1 Byte [66]
.text KernelBase.dll!FindFirstFileExA + AE 7559350A 23 Bytes [66, 89, 85, A2, FD, FF, FF, ...]
.text ...
.text KernelBase.dll!GetShortPathNameW + 41 75593792 5 Bytes [00, 68, 01, 80, 00]
.text KernelBase.dll!GetShortPathNameW + 47 75593798 14 Bytes CALL 755675CD \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetShortPathNameW + 56 755937A7 14 Bytes CALL 7556BFCA \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetShortPathNameW + 65 755937B6 9 Bytes [00, 39, 78, 30, 74, 18, 64, ...]
.text KernelBase.dll!GetShortPathNameW + 6F 755937C0 1 Byte [00]
.text ...
.text KernelBase.dll!GetLongPathNameA + A 75593BAB 44 Bytes CALL 75567B4F \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetLongPathNameA + 37 75593BD8 31 Bytes [9D, C8, FD, FF, FF, 89, 9D, ...]
.text KernelBase.dll!GetLongPathNameA + 58 75593BF9 67 Bytes [85, C0, 0F, 84, 13, 01, 00, ...]
.text KernelBase.dll!GetLongPathNameA + 9D 75593C3E 19 Bytes [00, 8B, B5, B8, FD, FF, FF, ...] {ADD [EBX-0x2474b], CL; DEC DWORD [EBP-0x74aec9f4]; LEA EDI, [EBP+EDI*8-0x3e7e0001]}
.text KernelBase.dll!GetLongPathNameA + B2 75593C53 58 Bytes [20, 00, 51, 8B, 40, 30, FF, ...]
.text ...
.text KernelBase.dll!CreateFileA + 37 75593DE8 184 Bytes [8B, F0, 8D, 45, F8, 50, FF, ...]
.text KernelBase.dll!AccessCheckByTypeAndAuditAlarmW + 33 75593EA1 154 Bytes [45, 08, 50, FF, 75, 3C, 8D, ...]
.text KernelBase.dll!AccessCheckByTypeResultListAndAuditAlarmW + 23 75593F3C 181 Bytes [50, FF, D6, FF, 75, 14, 8D, ...]
.text KernelBase.dll!AccessCheckByTypeResultListAndAuditAlarmByHandleW + 27 75593FF2 46 Bytes [75, 18, 8D, 45, F4, 50, FF, ...]
.text KernelBase.dll!AccessCheckByTypeResultListAndAuditAlarmByHandleW + 57 75594022 91 Bytes [1C, 50, 8D, 45, EC, 50, FF, ...]
.text KernelBase.dll!ObjectPrivilegeAuditAlarmW 75594080 14 Bytes [8B, FF, 55, 8B, EC, 51, 51, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ECX; PUSH ECX; PUSH DWORD [EBP+0x8]; LEA EAX, [EBP-0x8]; PUSH EAX}
.text KernelBase.dll!ObjectPrivilegeAuditAlarmW + F 7559408F 50 Bytes [15, 98, 10, 56, 75, FF, 75, ...]
.text KernelBase.dll!ObjectPrivilegeAuditAlarmW + 42 755940C2 34 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!ObjectDeleteAuditAlarmW + 1E 755940E5 105 Bytes [FF, 15, 74, 14, 56, 75, 85, ...]
.text KernelBase.dll!SetAclInformation + 2E 75594150 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
.text KernelBase.dll!AddAccessDeniedAceEx + 1 75594154 31 Bytes [FF, 55, 8B, EC, FF, 75, 18, ...]
.text KernelBase.dll!AddAccessDeniedAceEx + 21 75594174 22 Bytes [00, C0, 75, 0D, 68, EC, 03, ...]
.text KernelBase.dll!AddAccessDeniedAceEx + 38 7559418B 77 Bytes [33, C0, EB, 03, 33, C0, 40, ...]
.text KernelBase.dll!AddAuditAccessAceEx + 3E 755941D9 36 Bytes [33, C0, EB, 03, 33, C0, 40, ...]
.text KernelBase.dll!AddAccessAllowedObjectAce + 15 755941FE 8 Bytes [75, 0C, FF, 75, 08, FF, 15, ...]
.text KernelBase.dll!AddAccessAllowedObjectAce + 1E 75594207 48 Bytes [56, 75, 85, C0, 7D, 1E, 3D, ...]
.text KernelBase.dll!AddAccessDeniedObjectAce + 1 75594238 133 Bytes [FF, 55, 8B, EC, FF, 75, 20, ...]
.text KernelBase.dll!AddAuditAccessObjectAce + 39 755942BE 28 Bytes [10, 56, 75, EB, 06, 50, E8, ...]
.text KernelBase.dll!FindFirstFreeAce + 2 755942DB 54 Bytes [55, 8B, EC, FF, 75, 0C, FF, ...]
.text KernelBase.dll!ConvertToAutoInheritPrivateObjectSecurity + 9 75594312 3 Bytes [75, 18, FF]
.text KernelBase.dll!ConvertToAutoInheritPrivateObjectSecurity + D 75594316 16 Bytes [14, FF, 75, 10, FF, 75, 0C, ...] {ADC AL, 0xff; JNZ 0x14; PUSH DWORD [EBP+0xc]; PUSH DWORD [EBP+0x8]; CALL [0x75561518]}
.text KernelBase.dll!ConvertToAutoInheritPrivateObjectSecurity + 1F 75594328 18 Bytes CALL 75566A7B \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!ConvertToAutoInheritPrivateObjectSecurity + 32 7559433B 19 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH DWORD [EBP+0x28]; PUSH DWORD [EBP+0x24]; PUSH DWORD [EBP+0x20]}
.text KernelBase.dll!CreatePrivateObjectSecurityWithMultipleInheritance + F 7559434F 14 Bytes [75, 1C, FF, 75, 18, FF, 75, ...] {JNZ 0x1e; PUSH DWORD [EBP+0x18]; PUSH DWORD [EBP+0x14]; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}
.text KernelBase.dll!CreatePrivateObjectSecurityWithMultipleInheritance + 1E 7559435E 10 Bytes [75, 08, FF, 15, 20, 15, 56, ...] {JNZ 0xa; CALL [0x75561520]; TEST EAX, EAX}
.text KernelBase.dll!CreatePrivateObjectSecurityWithMultipleInheritance + 29 75594369 21 Bytes CALL 75566A7C \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!CreatePrivateObjectSecurityWithMultipleInheritance + 3F 7559437F 21 Bytes [90, 8B, FF, 55, 8B, EC, FF, ...]
.text KernelBase.dll!SetPrivateObjectSecurity + 16 75594396 2 Bytes [24, 15] {AND AL, 0x15}
.text KernelBase.dll!SetPrivateObjectSecurity + 1C 7559439C 39 Bytes CALL 75566A7B \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!SetPrivateObjectSecurityEx + 10 755943C4 4 Bytes [10, FF, 75, 0C] {ADC BH, BH; JNZ 0x10}
.text KernelBase.dll!SetPrivateObjectSecurityEx + 15 755943C9 34 Bytes [75, 08, FF, 15, 28, 15, 56, ...]
.text KernelBase.dll!GetPrivateObjectSecurity + 1 755943EC 10 Bytes [FF, 55, 8B, EC, FF, 75, 18, ...] {CALL [EBP-0x75]; IN AL, DX ; PUSH DWORD [EBP+0x18]; PUSH DWORD [EBP+0x14]}
.text KernelBase.dll!GetPrivateObjectSecurity + C 755943F7 83 Bytes [75, 10, FF, 75, 0C, FF, 75, ...]
.text KernelBase.dll!GetSecurityDescriptorRMControl + 1 7559444B 52 Bytes [FF, 55, 8B, EC, FF, 75, 0C, ...]
.text KernelBase.dll!SetSecurityDescriptorRMControl + 11 75594480 48 Bytes [33, C0, 5D, C2, 08, 00, 90, ...]
.text KernelBase.dll!SetSecurityDescriptorRMControl + 42 755944B1 205 Bytes [55, 8B, EC, 51, 51, A3, 60, ...]
.text KernelBase.dll!SetSecurityDescriptorRMControl + 110 7559457F 2 Bytes [02, F3] {ADD DH, BL}
.text KernelBase.dll!SetSecurityDescriptorRMControl + 113 75594582 6 Bytes [8B, 0D, 24, 03, FE, 7F] {MOV ECX, [0x7ffe0324]}
.text KernelBase.dll!SetSecurityDescriptorRMControl + 11A 75594589 27 Bytes [15, 20, 03, FE, 7F, A1, 28, ...]
.text ...
.text KernelBase.dll!CheckGroupPolicyEnabled + 23 75595142 11 Bytes [FF, BF, 19, 00, 02, 00, 57, ...]
.text KernelBase.dll!CheckGroupPolicyEnabled + 2F 7559514E 11 Bytes [FF, BE, 68, 07, 59, 75, 56, ...]
.text KernelBase.dll!CheckGroupPolicyEnabled + 3B 7559515A 1 Byte [FF]
.text KernelBase.dll!CheckGroupPolicyEnabled + 3B 7559515A 10 Bytes [FF, 68, 40, 07, 59, 75, 8D, ...] {JMP FAR DWORD [EAX+0x40]; POP ES; POP ECX; JNZ 0xffffffffffffff94; TEST ESP, ESP; STD }
.text KernelBase.dll!CheckGroupPolicyEnabled + 47 75595166 11 Bytes [50, 89, 9D, E4, FD, FF, FF, ...]
.text ...
.text KernelBase.dll!FindStringOrdinal + 62 7559535B 27 Bytes [0F, 85, A1, 00, 00, 00, 8B, ...]
.text KernelBase.dll!FindStringOrdinal + 7E 75595377 9 Bytes [75, 0A, 8B, 4D, 0C, E8, 08, ...]
.text KernelBase.dll!FindStringOrdinal + 88 75595381 32 Bytes [8B, F0, 83, FB, FF, 75, 0D, ...]
.text KernelBase.dll!FindStringOrdinal + A9 755953A2 6 Bytes [84, F6, 03, 00, 00, 81]
.text KernelBase.dll!FindStringOrdinal + B0 755953A9 43 Bytes [00, 00, 20, 00, 74, 18, 81, ...]
.text ...
.text KernelBase.dll!NlsCheckPolicy + 17 75595B90 59 Bytes [74, 26, 83, C0, 02, 3B, C8, ...]
.text KernelBase.dll!NlsCheckPolicy + 53 75595BCC 4 Bytes [25, EC, 04, 00]
.text KernelBase.dll!NlsCheckPolicy + 58 75595BD1 8 Bytes [5D, C2, 08, 00, 90, 90, 90, ...] {POP EBP; RET 0x8; NOP ; NOP ; NOP ; NOP }
.text KernelBase.dll!GetFallbackDisplayName 75595BDA 41 Bytes [8B, FF, 55, 8B, EC, E8, 83, ...]
.text KernelBase.dll!GetFallbackDisplayName + 2A 75595C04 114 Bytes [00, 00, 8B, 40, 18, 8D, 04, ...]
.text KernelBase.dll!GetFallbackDisplayName + 9D 75595C77 47 Bytes [89, 90, 00, 00, 00, 8B, 40, ...]
.text KernelBase.dll!IsValidLanguageGroup + 1C 75595CA7 57 Bytes [00, A1, C0, 49, 5A, 75, 33, ...]
.text KernelBase.dll!IsValidLanguageGroup + 56 75595CE1 105 Bytes [FF, 50, 6A, 01, 6A, 10, FF, ...]
.text KernelBase.dll!IsValidLanguageGroup + C1 75595D4C 86 Bytes [74, DD, 33, C0, 8B, 4D, FC, ...]
.text KernelBase.dll!IsValidLanguageGroup + 119 75595DA4 28 Bytes [00, 89, 4D, 0C, 8D, 8E, A0, ...]
.text KernelBase.dll!IsValidLanguageGroup + 136 75595DC1 4 Bytes [83, A1, 01, 00]
.text ...
.text KernelBase.dll!GetPtrCalData + 1 75595FA6 70 Bytes [FF, 55, 8B, EC, 83, 7D, 08, ...]
.text KernelBase.dll!GetEraNameCountedString + 10 75595FEE 17 Bytes [85, C0, 74, 2B, 66, 8B, 08, ...] {TEST EAX, EAX; JZ 0x2f; MOV CX, [EAX]; SUB CX, [EBP+0x10]; INC CX; CMP DWORD [EBP+0x14], 0x0}
.text KernelBase.dll!GetEraNameCountedString + 23 75596001 156 Bytes [C9, 0F, B7, C9, 8B, 04, 88, ...]
.text KernelBase.dll!GetEraNameCountedString + C0 7559609E 58 Bytes [68, 00, 2D, 00, 54, 00, 57, ...]
.text KernelBase.dll!GetEraNameCountedString + FB 755960D9 14 Bytes CALL 75583231 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetEraNameCountedString + 10A 755960E8 59 Bytes [15, 38, 10, 56, 75, 85, F6, ...]
.text ...
.text KernelBase.dll!SetCalendarInfoW + 2 755963A6 31 Bytes [55, 8B, EC, 81, EC, 80, 02, ...]
.text KernelBase.dll!SetCalendarInfoW + 23 755963C7 3 Bytes CALL 75566E05 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!SetCalendarInfoW + 27 755963CB 57 Bytes [89, 85, EC, FD, FF, FF, 3B, ...]
.text KernelBase.dll!SetCalendarInfoW + 61 75596405 23 Bytes [FF, FF, BF, 83, 7D, 10, 30, ...]
.text KernelBase.dll!SetCalendarInfoW + 79 7559641D 34 Bytes [85, F0, FD, FF, FF, 83, F8, ...]
.text ...
.text KernelBase.dll!SetLocaleInfoW 7559657D 10 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
.text KernelBase.dll!SetLocaleInfoW + B 75596588 51 Bytes [A1, C0, 49, 5A, 75, 33, C5, ...]
.text KernelBase.dll!SetLocaleInfoW + 3F 755965BC 7 Bytes [00, 3B, DE, 0F, 84, B1, 01]
.text KernelBase.dll!SetLocaleInfoW + 47 755965C4 39 Bytes [00, 6A, 01, 68, B0, 67, 59, ...]
.text KernelBase.dll!SetLocaleInfoW + 6F 755965EC 1 Byte [68]
.text ...
.text KernelBase.dll!NlsUpdateSystemLocale + 1C 75596AD0 99 Bytes [83, 7D, 0C, 01, 74, 07, B8, ...]
.text KernelBase.dll!NlsUpdateSystemLocale + 80 75596B34 52 Bytes [24, FF, 75, 08, 57, FF, 15, ...]
.text KernelBase.dll!NlsUpdateLocale + 2 75596B69 49 Bytes [55, 8B, EC, 81, EC, 68, 02, ...]
.text KernelBase.dll!NlsUpdateLocale + 35 75596B9C 44 Bytes [74, 0A, B8, 58, 05, 00, 00, ...]
.text KernelBase.dll!NlsUpdateLocale + 63 75596BCA 37 Bytes [F6, 45, 0C, 01, 0F, 84, DF, ...]
.text KernelBase.dll!NlsUpdateLocale + 89 75596BF0 50 Bytes [FF, 85, C0, 74, 3D, 53, 89, ...]
.text KernelBase.dll!NlsUpdateLocale + BC 75596C23 14 Bytes CALL 7559EC57 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text KernelBase.dll!NlsDispatchAnsiEnumProc + 1 75597033 48 Bytes [FF, 55, 8B, EC, 83, EC, 0C, ...]
.text KernelBase.dll!NlsDispatchAnsiEnumProc + 32 75597064 101 Bytes CALL 75596F3E \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!NlsDispatchAnsiEnumProc + 98 755970CA 15 Bytes [75, F4, 57, FF, 75, 1C, FF, ...] {JNZ 0xfffffffffffffff6; PUSH EDI; PUSH DWORD [EBP+0x1c]; CALL [EBP+0xc]; JMP 0x23; PUSH DWORD [EBP+0x24]; PUSH EDI}
.text KernelBase.dll!NlsDispatchAnsiEnumProc + A8 755970DA 16 Bytes [75, 20, FF, 75, 1C, FF, 55, ...] {JNZ 0x22; PUSH DWORD [EBP+0x1c]; CALL [EBP+0xc]; JMP 0x13; PUSH DWORD [EBP+0x1c]; JMP 0xffffffffffffffe3; PUSH EDI}
.text KernelBase.dll!NlsDispatchAnsiEnumProc + B9 755970EB 29 Bytes [55, 0C, 89, 45, FC, 8B, 35, ...]
.text ...
.text KernelBase.dll!Internal_EnumLanguageGroupLocales + 27 75597157 52 Bytes [86, 02, 00, 00, 6A, 02, 5E, ...]
.text KernelBase.dll!Internal_EnumLanguageGroupLocales + 5C 7559718C 4 Bytes CALL 75574D43 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!Internal_EnumLanguageGroupLocales + 61 75597191 72 Bytes [85, C0, 0F, 84, 4F, 02, 00, ...]
.text KernelBase.dll!Internal_EnumLanguageGroupLocales + AA 755971DA 4 Bytes [83, C4, 0C, 8D]
.text KernelBase.dll!Internal_EnumLanguageGroupLocales + AF 755971DF 2 Bytes [B4, FD] {MOV AH, 0xfd}

otulka
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Stuttering, slowdown - Malwarebytes log

#11 Post by otulka »

.text ...
.text KernelBase.dll!Internal_EnumSystemCodePages + 33 75597433 76 Bytes [FF, 89, BD, B8, FD, FF, FF, ...]
.text KernelBase.dll!Internal_EnumSystemCodePages + 80 75597480 41 Bytes [C0, 0F, 84, 7C, 01, 00, 00, ...]
.text KernelBase.dll!Internal_EnumSystemCodePages + AA 755974AA 8 Bytes [FF, 50, 6A, 01, 57, E9, B3, ...] {CALL [EAX+0x6a]; ADD [EDI-0x17], EDX; MOV BL, 0x0}
.text KernelBase.dll!Internal_EnumSystemCodePages + B4 755974B4 2 Bytes [3B, C7] {CMP EAX, EDI}
.text KernelBase.dll!Internal_EnumSystemCodePages + B7 755974B7 3 Bytes [8C, DD, 00]
.text ...
.text KernelBase.dll!EnumLanguageGroupLocalesW + 1C 75597655 54 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!EnumSystemLocalesEx + 12 7559768C 6 Bytes [33, C0, EB, 14, 6A, 00] {XOR EAX, EAX; JMP 0x18; PUSH 0x0}
.text KernelBase.dll!EnumSystemLocalesEx + 19 75597693 6 Bytes [75, 10, 6A, 01, 6A, 01] {JNZ 0x12; PUSH 0x1; PUSH 0x1}
.text KernelBase.dll!EnumSystemLocalesEx + 20 7559769A 14 Bytes [75, 0C, FF, 75, 08, E8, 15, ...] {JNZ 0xe; PUSH DWORD [EBP+0x8]; CALL 0xfffffffffffed01f; POP EBP; RET 0x10}
.text KernelBase.dll!EnumSystemLocalesEx + 2F 755976A9 107 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text KernelBase.dll!EnumCalendarInfoExW + 1D 75597715 38 Bytes [10, 50, FF, 75, 08, E8, EC, ...]
.text KernelBase.dll!EnumDateFormatsExW + 14 7559773C 49 Bytes [6A, 01, 6A, 01, FF, 75, 10, ...]
.text KernelBase.dll!EnumDateFormatsExW + 46 7559776E 39 Bytes [66, 3B, C1, 76, 08, 83, C1, ...]
.text KernelBase.dll!EnumDateFormatsExW + 6E 75597796 44 Bytes [83, F9, 5D, 77, 15, B9, 96, ...]
.text KernelBase.dll!EnumDateFormatsExW + 9B 755977C3 6 Bytes [49, 5A, 75, 33, C5, 89]
.text KernelBase.dll!EnumDateFormatsExW + A2 755977CA 25 Bytes [FC, 8B, 45, 14, 89, 45, D4, ...]
.text ...
.text KernelBase.dll!GetCurrencyFormatW + 7 7559E3AF 28 Bytes CALL 75566E00 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetCurrencyFormatW + 24 7559E3CC 57 Bytes [C9, 75, 05, 39, 4D, 1C, 75, ...]
.text KernelBase.dll!GetCurrencyFormatEx + 6 7559E406 190 Bytes CALL 7556CDC8 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetCurrencyFormatEx + C5 7559E4C5 38 Bytes [EB, DA, 56, FF, 75, 10, 03, ...]
.text KernelBase.dll!GetFileMUIInfo + 1 7559E4EC 37 Bytes [FF, 55, 8B, EC, 83, EC, 30, ...]
.text KernelBase.dll!GetFileMUIInfo + 27 7559E512 38 Bytes [00, 89, 75, F0, FF, D7, 39, ...]
.text KernelBase.dll!GetFileMUIInfo + 4E 7559E539 14 Bytes [DE, 75, 0D, 6A, 57, FF, 15, ...]
.text KernelBase.dll!GetFileMUIInfo + 5D 7559E548 75 Bytes [00, 83, FF, 50, 73, 10, 3B, ...]
.text KernelBase.dll!GetFileMUIInfo + A9 7559E594 79 Bytes [75, 08, 6A, 22, 6A, 00, FF, ...]
.text ...
.text KernelBase.dll!GetProcessPreferredUILanguages + 57 7559EA0C 6 Bytes [75, 0C, 8D, 45, F8, 50] {JNZ 0xe; LEA EAX, [EBP-0x8]; PUSH EAX}
.text KernelBase.dll!GetProcessPreferredUILanguages + 5E 7559EA13 17 Bytes [15, 98, 10, 56, 75, 8D, 45, ...]
.text KernelBase.dll!GetProcessPreferredUILanguages + 70 7559EA25 16 Bytes [89, 7D, E4, C7, 45, EC, 40, ...] {MOV [EBP-0x1c], EDI; MOV DWORD [EBP-0x14], 0x40; MOV [EBP-0x10], ESI; MOV [EBP-0xc], ESI}
.text KernelBase.dll!GetProcessPreferredUILanguages + 81 7559EA36 12 Bytes [45, E0, 39, 75, 14, 74, 13, ...] {INC EBP; LOOPNZ 0x3c; JNZ 0x19; JZ 0x1a; PUSH ESI; PUSH ESI; PUSH ESI; PUSH ESI; PUSH EAX}
.text KernelBase.dll!GetProcessPreferredUILanguages + 8E 7559EA43 44 Bytes [75, 10, FF, 75, 18, FF, 15, ...]
.text ...
.text KernelBase.dll!NlsEventDataDescCreate + 2 7559EB0C 48 Bytes [55, 8B, EC, 8B, 45, 0C, 53, ...]
.text KernelBase.dll!NlsEventDataDescCreate + 33 7559EB3D 3 Bytes CALL 7556DE86 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!NlsEventDataDescCreate + 38 7559EB42 5 Bytes [8D, 5C, 00, 02, E9]
.text KernelBase.dll!NlsEventDataDescCreate + 3E 7559EB48 88 Bytes [00, 00, 00, 8B, 5D, 14, 8B, ...]
.text KernelBase.dll!NlsEventDataDescCreate + 97 7559EBA1 9 Bytes CALL 75581260 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text KernelBase.dll!NlsWriteEtwEvent + 11 7559EC68 105 Bytes [6A, 00, 6A, 00, 68, 1C, 07, ...]
.text KernelBase.dll!NlsWriteEtwEvent + 7B 7559ECD2 57 Bytes [45, 08, 56, 57, 33, F6, 50, ...]
.text KernelBase.dll!NlsWriteEtwEvent + B5 7559ED0C 25 Bytes [FF, 75, 0C, FF, 15, 88, 11, ...]
.text KernelBase.dll!NlsWriteEtwEvent + D0 7559ED27 80 Bytes [04, 00, 00, 00, 89, B5, E4, ...]
.text KernelBase.dll!NlsWriteEtwEvent + 121 7559ED78 10 Bytes [85, C0, 75, 07, 66, 89, 85, ...]
.text ...
.text KernelBase.dll!GetNLSVersion + 2 7559FEA7 4 Bytes [55, 8B, EC, 6A]
.text KernelBase.dll!GetNLSVersion + 7 7559FEAC 28 Bytes CALL 75566E00 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetNLSVersion + 25 7559FECA 35 Bytes [FF, EB, 09, 6A, 57, E8, 95, ...]
.text KernelBase.dll!GetNLSVersionEx + 10 7559FEEF 9 Bytes [7D, 10, 00, 74, 12, 85, C0, ...]
.text KernelBase.dll!GetNLSVersionEx + 1A 7559FEF9 13 Bytes [75, 10, 50, FF, 75, 08, E8, ...] {JNZ 0x12; PUSH EAX; PUSH DWORD [EBP+0x8]; CALL 0xffffffffffffff20; JMP 0x16}
.text KernelBase.dll!GetNLSVersionEx + 28 7559FF07 53 Bytes CALL 75567F68 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!GetNLSVersionEx + 5E 7559FF3D 17 Bytes [45, FC, 56, 8B, 73, 08, 57, ...] {INC EBP; CLD ; PUSH ESI; MOV ESI, [EBX+0x8]; PUSH EDI; MOV EDI, [EBX+0xc]; CALL 0xfffffffffffd3993; TEST EAX, EAX}
.text KernelBase.dll!GetNLSVersionEx + 70 7559FF4F 24 Bytes JMP 7559FFFE \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text KernelBase.dll!QueryThreadpoolStackInformation 755A0531 22 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
.text KernelBase.dll!QueryThreadpoolStackInformation + 18 755A0549 2 Bytes [24, 16] {AND AL, 0x16}
.text KernelBase.dll!QueryThreadpoolStackInformation + 1C 755A054D 23 Bytes [33, C0, EB, 03, 33, C0, 40, ...]
.text KernelBase.dll!QueryThreadpoolStackInformation + 35 755A0566 79 Bytes [48, 08, 85, C9, 74, 08, FF, ...]
.text KernelBase.dll!CallbackMayRunLong + 39 755A05B6 10 Bytes CALL 75567F95 \Windows\System32\KernelBase.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text KernelBase.dll!CallbackMayRunLong + 45 755A05C2 37 Bytes [00, 8B, 40, 30, 56, 6A, 00, ...]
.text KernelBase.dll!CallbackMayRunLong + 6B 755A05E8 62 Bytes [63, FC, FF, 8B, 45, 0C, 89, ...]
.text KernelBase.dll!CallbackMayRunLong + AA 755A0627 37 Bytes [10, 56, 75, 5E, 5D, C2, 04, ...]
.text KernelBase.dll!BemFreeReference + 19 755A064D 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text KernelBase.dll!BemCopyReference + 1B 755A066D 80 Bytes [C0, 7C, 0B, 8B, 4D, FC, 8B, ...]
.text KernelBase.dll!BemFreeContract + 3A 755A06BE 9 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text KernelBase.dll!BemFreeContract + 44 755A06C8 48 Bytes [6E, 74, 64, 6C, 6C, 2E, 64, ...]
.text KernelBase.dll!BemFreeContract + 75 755A06F9 10 Bytes [0D, 04, 00, 0A, 0E, 04, 00, ...]
.text KernelBase.dll!BemFreeContract + 80 755A0704 27 Bytes [3A, 0E, 04, 00, 56, 0E, 04, ...]
.text KernelBase.dll!BemFreeContract + 9C 755A0720 21 Bytes JMP 0200040E
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[504] kernel32.dll!SetUnhandledExceptionFilter 75793162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2484] ntdll.dll!LdrLoadDll 771BF625 5 Bytes JMP 013513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BC18042] \SystemRoot\System32\Drivers\spsb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BC186D6] \SystemRoot\System32\Drivers\spsb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BC18800] \SystemRoot\System32\Drivers\spsb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BC1813E] \SystemRoot\System32\Drivers\spsb.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe[2616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75205E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75205E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe[2616] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75205E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe[2616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75205E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe[2616] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75205E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 0164C7B0
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 0164C810
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0164CA00
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0164CAA0
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0164C1B0
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0164C170
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 016499A0
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01649920
IAT C:\Program Files\DAP\DAP.exe[3660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 0164C540

---- Devices - GMER 1.0.15 ----

Device 857431F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device 87F551F8
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{C8CC226A-8231-422E-ACCA-4B44880E5260} 86CEC1F8
Device \Driver\volmgr \Device\VolMgrControl 8573E1F8
Device \Driver\usbohci \Device\USBPDO-0 86E311F8
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 86E311F8
Device \Driver\usbehci \Device\USBPDO-2 86E1E220
Device \Driver\usbohci \Device\USBPDO-3 86E311F8
Device \Driver\usbohci \Device\USBPDO-4 86E311F8
Device \Driver\usbehci \Device\USBPDO-5 86E1E220
Device \Driver\usbohci \Device\USBPDO-6 86E311F8

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 867A31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 857401F8
Device \Driver\atapi \Device\Ide\IdePort0 857401F8
Device \Driver\atapi \Device\Ide\IdePort1 857401F8
Device \Driver\atapi \Device\Ide\IdePort2 857401F8
Device \Driver\atapi \Device\Ide\IdePort3 857401F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 857401F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86CEC1F8
Device \Driver\USBSTOR \Device\00000078 87B731F8
Device \Driver\usbohci \Device\USBFDO-0 86E311F8
Device 87B731F8
Device \Driver\usbohci \Device\USBFDO-1 86E311F8
Device \Driver\usbehci \Device\USBFDO-2 86E1E220
Device \Driver\usbohci \Device\USBFDO-3 86E311F8
Device \Driver\usbohci \Device\USBFDO-4 86E311F8
Device \Driver\usbehci \Device\USBFDO-5 86E1E220
Device \Driver\usbohci \Device\USBFDO-6 86E311F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port0Path0Target14Lun0 857411F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 857411F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011b107a25f
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCB 0x39 0xC2 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0xD8 0x59 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDA 0xA7 0x0C 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011b107a25f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCB 0x39 0xC2 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0xD8 0x59 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDA 0xA7 0x0C 0xAE ...

---- EOF - GMER 1.0.15 ----

User avatar
earl
VIP
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Freezing, slowdown - Malwarebytes log

#12 Post by earl »

:arrow: Download OTC

Run it and click CleanUp.

:arrow: Clean the PC with CCleaner.

Always click Analyze first and then Run Cleaner. Do this twice in a row.

Windows - untick History and the autocomplete form history; otherwise you would lose the history of visited pages and the passwords saved in forms.

(Security-wise this is bad, but at least the user doesn't complain afterwards about where everything disappeared to :D )

Applications - for web browsers, untick Internet History.

Registry - leave everything ticked, Scan for Issues, Fix selected issues.

(Let it make a backup - it is saved in Documents - IMPORTANT.)

Likewise 2x-3x in a row.

And done.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UPDATED ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY IF YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

otulka
Visitor
Visitor
Posts: 19
Registered: 16 Aug 2010 11:19

Re: Freezing, slowdown - Malwarebytes log

#13 Post by otulka »

Everything is OK.
Thank you for your help.
Should I send another log?

User avatar
earl
VIP
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Freezing, slowdown - Malwarebytes log

#14 Post by earl »

No, that's all from my side.

And you're welcome :)
