PC disinfection, computer speed-up, remote help via the neslape.cz service

prevention

Don't have any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#16 Post by Danstahr »

Create a GMER log according to the guide here: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 and paste its logs here.
I'll buy a little time, I respect the price.

d.a.p
Guest
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#17 Post by d.a.p »

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-16 21:07:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 Maxtor_6L200P0 rev.BAH41G10
Running: gmer.exe; Driver: C:\DOCUME~1\a\LOCALS~1\Temp\fgxdykog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xADE63BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xADE63A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xADEBB902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\VClone \Device\Scsi\VClone1 89C271F8
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 89C271F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89E021F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat 8890A1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
d.a.p

d.a.p
Guest
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#18 Post by d.a.p »

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-16 21:16:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 Maxtor_6L200P0 rev.BAH41G10
Running: gmer.exe; Driver: C:\DOCUME~1\a\LOCALS~1\Temp\fgxdykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xADE3F202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xADEA5CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xADE636C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xADE4181C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xADE41874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xADE4198A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xADE63075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xADE41772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xADE418C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xADE417C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xADE41938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xADE3F226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xADE63D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xADE6403D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xADE41C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xADE63BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xADE63A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xADEA5D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xADE3EFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xADE3F24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xADE41D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xADE3FCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xADE4184C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xADE4189C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xADE419B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xADE633D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xADE4179E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xADE41A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xADE41904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xADE417F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xADE41B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xADE41962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xADEA5DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xADE638D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xADE3FBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xADE6372A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xADEAEE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xADE626E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xADE3F26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xADE3F292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xADE3F04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xADE3F186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xADE63E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xADE3F162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xADE3F1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xADE3F2B6]

INT 0x62 ? 89E03BF8
INT 0x73 ? 89E03BF8
INT 0x83 ? 89C28BF8
INT 0x83 ? 89C28BF8
INT 0x83 ? 89C28BF8
INT 0xA4 ? 89C28BF8
INT 0xB4 ? 89C28BF8
INT 0xB4 ? 89C28BF8
INT 0xB4 ? 89C28BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xADEBB902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 26, E6, AD]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL ADE40335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP ADEB72BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP ADEB8D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP ADEBB906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spru.sys Systém nemůže nalézt uvedený soubor. !
.text Mup.sys F70E8561 1 Byte [3C]
.text Mup.sys F70E90A3 1 Byte [ED]
.text Mup.sys F70E972A 1 Byte [E6]
.text Mup.sys F70E9AAB 2 Bytes [B9, 99]
.text Mup.sys F70E9B3F 1 Byte [36]
.text ...
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF2031000, 0x2A1A98, 0xE8000020]
.text USBPORT.SYS!DllUnload F1F7E8AC 5 Bytes JMP 89C281D8
.text afd.sys AE0389E8 1 Byte [31]
.text afd.sys AE0389ED 1 Byte [01]
.text afd.sys AE038E17 1 Byte [B2]
.text afd.sys AE039081 1 Byte [48]
.text afd.sys AE039207 1 Byte [66]
.text ...
.text mrxsmb.sys ADF9D40B 1 Byte [94]
.text mrxsmb.sys ADF9D411 1 Byte [CE] {INTO }
.text mrxsmb.sys ADF9D41C 1 Byte [CD]
.text mrxsmb.sys ADF9D422 1 Byte [CE] {INTO }
.text mrxsmb.sys ADF9D42B 1 Byte [CE] {INTO }
.text ...
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP ADE42CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP ADE42BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP ADE41F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP ADE42E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP ADE43040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP ADE42B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP ADE41FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP ADE421AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP ADE42352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP ADE41E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP ADE42C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP ADE42F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP ADE4232A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP ADE41E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP ADE42D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP ADE4206A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP ADE420DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP ADE42114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP ADE41DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP ADE41F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP ADE42034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP ADE4246C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP ADE42EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
d.a.p

d.a.p
Guest
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#19 Post by d.a.p »

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[432] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\spoolsv.exe[892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[892] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[892] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[892] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[892] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\smss.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[964] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\services.exe[1048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\services.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\services.exe[1048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\services.exe[1048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wuauclt.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[1196] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1232] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[1432] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[1432] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1560] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1840] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[2044] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00561014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00560804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00560A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00560C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00560E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00560600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00561014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00560804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00560A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00560C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00560E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2684] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00560600
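The user-mode hook section of this log is long but regular: every `.text` line is process[pid], module!export (optionally plus a hex offset), the patched address, the patch length and GMER's rendering of the new bytes. The script below is an added example, not part of the poster's log and not GMER's own code, that parses that format and pulls out the three things worth triaging first: patches that are byte-identical across many processes (one component hooking system-wide), entry-point JMPs that leave the system-DLL address range for privately allocated memory (the `JMP 0030xxxx`/`0031xxxx` style entries), and the in-place rewrite of ntdll syscall stubs seen in chrome.exe[2216], [2684] and [3144] but not in [1560], where a 4-byte write at +6 retargets the `mov edx, 7FFE0300h` immediate and the single byte `E2` at +B turns `call [edx]` (FF 12) into `jmp edx` (FF E2), diverting the syscall into a user-mode thunk. The 0x70000000 floor for system DLLs is an assumption about the 32-bit XP layout named in the log banner, and the sample log is a constructed subset of the lines above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One GMER user-mode hook line: .text <proc>[<pid>] <mod>!<export>[ + <hexoff>] <addr> <n> Byte(s) <patch>
LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+)"
    r"(?: \+ (?P<off>[0-9A-Fa-f]+))? (?P<addr>[0-9A-Fa-f]{8}) (?P<n>\d+) Bytes? (?P<patch>.*)$"
)
# Assumption (32-bit XP, per the "Windows 5.1.2600" banner): system DLLs map at 0x7xxxxxxx,
# so a JMP from an export to far below that lands in private memory, i.e. a planted trampoline.
SYSTEM_DLL_FLOOR = 0x70000000


@dataclass
class Hook:
    proc: str
    pid: int
    module: str
    func: str
    offset: int   # bytes past the export's entry point; 0 is the entry itself
    nbytes: int
    patch: str    # GMER's rendering of the new bytes: "JMP 003101F8", "[E2]", "CALL 7B90EC1A"

    @property
    def symbol(self):
        return f"{self.module}!{self.func}" + (f"+{self.offset:X}" if self.offset else "")

    @property
    def redirect_target(self):          # absolute target if GMER decoded a JMP/CALL, else None
        m = re.match(r"(?:JMP|CALL) ([0-9A-Fa-f]{8})", self.patch)
        return int(m.group(1), 16) if m else None

    @property
    def raw_bytes(self):                # the byte list if GMER printed one, else None
        m = re.match(r"\[([0-9A-Fa-f, ]+)\]", self.patch)
        return [int(b, 16) for b in m.group(1).split(",")] if m else None


def parse(log_text):
    hooks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                       # banners, blank lines, other GMER sections
            continue
        hooks.append(Hook(m["proc"], int(m["pid"]), m["mod"], m["func"],
                          int(m["off"], 16) if m["off"] else 0, int(m["n"]), m["patch"].strip()))
    return hooks


def analyze(log_text):
    hooks = parse(log_text)

    # 1. Byte-identical patches present in several processes: one component hooking system-wide.
    seen_in = defaultdict(set)
    for h in hooks:
        seen_in[(h.symbol, h.patch)].add(h.pid)
    systemwide = sorted(((sym, patch, len(pids)) for (sym, patch), pids in seen_in.items()
                         if len(pids) > 1), key=lambda t: (-t[2], t[0]))

    # 2. Entry-point JMPs out of the system-DLL range, per process: the hooked export set.
    entry_jmps = defaultdict(list)
    for h in hooks:
        t = h.redirect_target
        if h.offset == 0 and h.patch.startswith("JMP") and t is not None and t < SYSTEM_DLL_FLOOR:
            entry_jmps[h.pid].append(h.symbol)

    # 3. ntdll syscall stubs rewritten in place. A 32-bit XP stub is
    #    "mov eax, <syscall#>; mov edx, 7FFE0300h; call [edx]; ret imm16": the edx immediate
    #    sits at +6..+9 and "call [edx]" (FF 12) at +A. Four bytes at +6 retarget edx and
    #    E2 at +B makes FF E2, "jmp edx", so the syscall is diverted into a user-mode thunk.
    redirects = []
    for h in hooks:
        if h.module.lower() != "ntdll.dll" or h.offset != 6 or h.nbytes != 4:
            continue
        tail = next((x for x in hooks if x.pid == h.pid and x.module.lower() == "ntdll.dll"
                     and x.func == h.func and x.offset == 0xB), None)
        if tail is not None and tail.raw_bytes == [0xE2]:
            # None when GMER rendered the four bytes as a CALL rather than a byte list
            thunk = int.from_bytes(bytes(h.raw_bytes), "little") if h.raw_bytes else None
            redirects.append((h.pid, h.func, thunk))

    return {"hooks": len(hooks), "systemwide": systemwide, "entry_jmps": dict(entry_jmps),
            "syscall_redirects": sorted(redirects, key=lambda r: (r[0], r[1]))}


# Constructed sample: a subset of the lines from the log above, format unchanged.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2044] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
"""

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Run it on the full log (paste the `.text` lines into `SAMPLE_LOG` or read them from a file) and the output groups the hooks by pattern rather than by process. What it cannot tell you is who owns the trampolines at `0x0030xxxx` and friends: that needs the target address mapped to a module or allocation in the live process (a memory-region listing or a dump) before a hook is called benign or malicious, since a security product's behaviour shield and an injected DLL both produce exactly this kind of uniform, system-wide hook set.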
d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevence

#20 Post by d.a.p »

.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\DOCUME~1\a\LOCALS~1\Temp\Dočasný adresář 1 pro gmer.zip\gmer.exe[2976] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00561014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00560804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00560A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00560C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00560E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00560600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00550804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00550A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00550600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00561014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00560804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00560A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00560C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00560E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00560600
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00451014
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00450804
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00450A08
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00450C0C
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00450E10
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004501F8
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004503FC
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[3808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00450600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spru.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spru.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spru.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spru.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spru.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spru.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[HAL.dll!ExReleaseFastMutex] [805FF50A] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[HAL.dll!KfAcquireSpinLock] [8050684A] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[HAL.dll!KfReleaseSpinLock] [804F7E92] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[HAL.dll!ExAcquireFastMutex] [8050944E] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[HAL.dll!KeGetCurrentIrql] [80544FAC] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!SecMakeSPN] [805378AA] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!CredMarshalTargetInfo] [8054B950] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!SecMakeSPNEx] [80537A18] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!AcquireCredentialsHandleW] [805409D0] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!InitializeSecurityContextW] [80546198] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!FreeContextBuffer] [805461BC] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!FreeCredentialsHandle] [8053792A] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!DeleteSecurityContext] [805E1AEA] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!InitSecurityInterfaceW] [8067D728] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!QueryContextAttributesW] [80509056] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!MapSecurityError] [8054B2E0] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!GetSecurityUserInfo] [805E2F06] \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheCheckEntry] [AE00DA20] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheExpireEntry] [AE00DA40] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheFetchEntry] [AE024093] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheCreateEntry] [AE01FC11] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheActivateEntry] [AE03223D] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheScavengeNameCaches] [AE00FCCC] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNewMapUserBuffer] [AE00DDC8] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpAcquirePrefixTableLockExclusive] [AE01941F] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeQueryTransportInformation] [AE0258C5] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeQueryAdapterStatus] [AE019AF5] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxFinalizeConnection] [AE017EDD] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpReleasePrefixTableLock] [AE019686] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxIndicateChangeOfBufferingStateForSrvOpen] [AE00E7B3] \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeInitiateVCDisconnect] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeBuildConnection] [F7869AF0] \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeBuildConnectionOverMultipleTransports] [F7869992] \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeTearDownVC] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeTearDownConnection] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeQueryInformation] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeSend] [ADFB11D3] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxPurgeAllFobxs] [ADFB11DC] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxScavengeAllFobxs] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeBuildTransport] [ADFB1277] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeBuildAddress] [ADFB1280] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeTearDownAddress] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeTearDownTransport] [ADFAB374] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLogEventWithAnnotation] [ADFAB37D] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxDereferenceAndDeleteRxContext_Real] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxFinalizeNetRoot] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxSetMinirdrCancelRoutine] [ADFDAF93] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheInitialize] [ADFDAFA6] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheInitializeEx] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxGetRDBSSProcess] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheFinalize] [ADFDB3C2] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxNameCacheFinalizeEx] [ADFDB3CB] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxSetSrvCallDomainName] 003F003F
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCancelTimerRequest] 003F003F
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxPostOneShotTimerRequest] 003F003F
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLowIoGetBufferAddress] 003F003F
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxAcquireSharedFcbResourceInMRx] 003F002E
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxInferFileType] 003F003F
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxIndicateChangeOfBufferingState] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxFinishFcbInitialization] 00500048
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCreateNetFobx] 00530046
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxPostToWorkerThread] 00380033
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCeSendDatagram] 00000036
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxReleaseFcbResourceForThreadInMRx] 00500048
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxAcquireSharedFcbResourceInMRxEx] 00530046
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxRegisterMinirdr] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxSpinDownMRxDispatcher] 004E002A
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLogEventDirect] 00350054
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLogEventWithBufferDirect] 00530043
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxFsdDispatch] 00000043
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpUnregisterMinirdr] 00410046
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLowIoCompletion] 00000054
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!__RxSynchronizeBlockingOperationsMaybeDroppingFcbLock] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxResumeBlockedOperations_Serially] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxInitializeContext] [ADFE8CBE] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxGetFileSizeWithLock] [ADFE8CC7] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxReleaseFcbResourceInMRx] 004D005C
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxAcquireExclusiveFcbResourceInMRx] 00490041
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxDispatchToWorkerThread] 0053004C
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxStopMinirdr] 004F004C
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxStartMinirdr] 005C0054
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!_RxFreePool] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!_RxAllocatePoolWithTag] 0050005C
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxSetDomainForMailslotBroadcast] 00500049
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxLockEnumerator] 005C0045
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxForceFinalizeAllVNetRoots] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxScavengeFobxsForNetRoot] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxCompleteRequest_Real] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpDereferenceAndFinalizeNetFcb] [ADFDC8FB] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxPurgeRelatedFobxs] [ADFDC904] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpDereferenceNetFcb] 00000000
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpTrackDereference] FFFFFFFF
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpReferenceNetFcb] [ADFE931D] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[rdbss.sys!RxpTrackReference] [ADFE9326] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[TDI.SYS!TdiDeregisterPnPHandlers] [ADFE9410] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[TDI.SYS!TdiRegisterPnPHandlers] [ADFE9419] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00290010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00290010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3144] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89E021F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom 8890A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CEF1EF50-80A7-46C8-A67F-0E6CB684D65C} 899DE500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 89AB3500
Device \Driver\usbohci \Device\USBPDO-1 89AB3500
Device \Driver\NetBT \Device\NetBT_Tcpip_{C3FCBB88-1AF1-431D-9787-0F874B3EC8DA} 899DE500
Device \Driver\usbehci \Device\USBPDO-2 89B17500
Device \Driver\usbohci \Device\USBPDO-3 89AB3500
Device \Driver\usbohci \Device\USBPDO-4 89AB3500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbehci \Device\USBPDO-5 89B17500
Device \Driver\usbohci \Device\USBPDO-6 89AB3500
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E731F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E731F8
Device \Driver\Cdrom \Device\CdRom0 89C1F500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F720EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89C1F500
Device \Driver\NetBT \Device\NetBt_Wins_Export 899DE500
Device \Driver\NetBT \Device\NetbiosSmb 899DE500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 89AB3500
Device \Driver\usbohci \Device\USBFDO-1 89AB3500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89999500
Device \Driver\usbehci \Device\USBFDO-2 89B17500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89999500
Device \Driver\usbohci \Device\USBFDO-3 89AB3500
Device \Driver\usbohci \Device\USBFDO-4 89AB3500
Device \Driver\Ftdisk \Device\FtControl 89E731F8
Device \Driver\usbehci \Device\USBFDO-5 89B17500
Device \Driver\usbohci \Device\USBFDO-6 89AB3500
Device \Driver\VClone \Device\Scsi\VClone1 89C271F8
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 89C271F8
Device \FileSystem\Fastfat \Fat 8890A1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs 89C0B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x5B 0x45 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x62 0x7E 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x18 0x1E 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x5B 0x45 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x62 0x7E 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x18 0x1E 0x3D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x69 0xD5 0x5F 0x89 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}@Model 133
Reg HKLM\SOFTWARE\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}@Therad 8
Reg HKLM\SOFTWARE\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}@MData 0x49 0x74 0xF1 0x15 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----
d.a.p

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#21 Post by Danstahr »

:arrow: Uninstall all virtual drive emulators (Alcohol, Daemon Tools).

:arrow: Download SPTD, run it and choose the Uninstall option, then restart the computer. If that does not work, skip this step.

:arrow: Download Defogger, run it and choose the Disable option, then restart the computer. If that does not work, skip this step.

:arrow: Download MBR and save it to the desktop.

:arrow: On the page http://tinyurl.com/653f7oz paste the following script, switch the selector at the top to bat and click OK. Run the downloaded file as administrator; a black window will flash briefly and a file named MBRlog.txt will be created in the folder where the downloaded file was saved. Paste its contents here.

Code:

"%userprofile%\plocha\mbr" -t -s > MBRlog.txt
I'll buy a little time, I respect the price.

d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#22 Post by d.a.p »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L200P0 rev.BAH41G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DE5AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000076[0x89E40538]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-12[0x89DE6D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
d.a.p
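What the mbr.exe output above is actually checking, as an added example in Python (my code, not GMER's or mbr.exe's): the boot signature at the end of the sector that GMER's quick scan earlier reported as "MBR BIOS signature not found", the partition table, and a comparison of two reads of the same sector, which is what the "user & kernel MBR OK" line summarises (a user-mode read and a kernel-mode read that agree). The sample sectors are constructed inline; the partition values are illustrative, not taken from any disk.

```python
"""Checks on a 512-byte master boot record: boot signature, partition table,
and agreement between two reads of the same sector.
Added example, not code from GMER or mbr.exe; all sectors are constructed."""
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = 0xAA55          # stored as bytes 55 AA at offset 510
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOTABLE_FLAG = 0x80


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields are skipped)."""
    boot_flag, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
    return {"bootable": boot_flag == BOOTABLE_FLAG, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def check_mbr(sector: bytes) -> dict:
    """Validate the size, boot signature and partition table of one sector."""
    if len(sector) != MBR_SIZE:
        return {"ok": False, "reason": "MBR read error (short read)"}
    (signature,) = struct.unpack_from("<H", sector, MBR_SIZE - 2)
    if signature != BOOT_SIGNATURE:
        return {"ok": False, "reason": "MBR BIOS signature not found",
                "signature": signature}
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = parse_partition_entry(sector[offset:offset + PARTITION_ENTRY_SIZE])
        if entry["type"] != 0:           # partition type 0 marks an empty slot
            partitions.append(entry)
    bootable = sum(1 for p in partitions if p["bootable"])
    if bootable != 1:
        return {"ok": False, "reason": f"{bootable} bootable partitions, expected 1",
                "partitions": partitions}
    return {"ok": True, "reason": "MBR OK", "partitions": partitions}


def compare_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Compare two reads of the same sector.  A disagreement means some layer
    between the user-mode API and the disk driver rewrites what is read back."""
    if len(user_view) != len(kernel_view):
        return {"match": False, "differing_offsets": [], "count": -1}
    diffs = [i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b]
    return {"match": not diffs, "differing_offsets": diffs[:8], "count": len(diffs)}


def build_sample_mbr() -> bytes:
    """Constructed sample: a few boot-code bytes, one bootable NTFS partition
    and a valid signature.  Illustrative values, not read from any disk."""
    sector = bytearray(MBR_SIZE)
    sector[0:4] = b"\x33\xc0\x8e\xd0"                     # xor ax,ax ; mov ss,ax
    entry = struct.pack("<B3sB3sII", BOOTABLE_FLAG, b"\x01\x01\x00",
                        0x07, b"\xfe\xff\xff", 63, 390716865)   # 0x07 = NTFS
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    struct.pack_into("<H", sector, MBR_SIZE - 2, BOOT_SIGNATURE)
    return bytes(sector)


def main() -> None:
    clean = build_sample_mbr()
    print("clean sector:", check_mbr(clean)["reason"])
    print("zeroed sector:", check_mbr(bytes(MBR_SIZE))["reason"])
    # Simulate a kernel-side read returning different boot code than the
    # user-side read: the case where mbr.exe would not print "MBR OK".
    altered = bytearray(clean)
    altered[0:2] = b"\xeb\xfe"
    print("user vs kernel view:", compare_views(clean, bytes(altered)))


if __name__ == "__main__":
    main()
```

On a real system the two views would come from different code paths (a user-mode read of PhysicalDrive0 and a read issued below the filter drivers); here both are constructed so the comparison logic can be exercised offline.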

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#23 Post by Danstahr »

:arrow: Download and unpack TDSSKiller, leave everything checked and run the scan. If it finds any junk, choose Cure. Then paste the log here.
I'll buy a little time, I respect the price.

d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#24 Post by d.a.p »

nothing found
d.a.p

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#25 Post by Danstahr »

:!: Warning! This utility has a great capacity to delete, and its use is reserved exclusively for members of this forum's team. Unauthorised use can lead to a wrecked system and a reinstall :!:

:arrow: Download ComboFix and save it to the Desktop.

:arrow: Disable all resident antivirus shields and all programs running in the background.
:arrow: Run ComboFix with administrator privileges.
:arrow: Accept the licence terms and, if offered, the installation of the Recovery Console.
:arrow: During the scan leave the computer completely alone (I recommend a healthy walk away from the room with the PC, better still out of the building).
:arrow: The scan takes roughly 15 minutes, but the time may vary depending on the state of the system.
:arrow: When the scan finishes a log is displayed (if it does not open, it can be found on the system drive as ComboFix.txt); paste the contents of the log here.
:arrow: :!: Ignore ComboFix until the next instruction :!:
I'll buy a little time, I respect the price.

d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#26 Post by d.a.p »

ComboFix 11-06-17.04 - a 19.06.2011 13:14:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2045.1616 [GMT 2:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\a\WINDOWS
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-19 do 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-16 05:50 . 2011-06-19 08:18 5454 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-16 05:46 . 2011-06-16 05:46 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-14 18:40 . 2011-06-14 18:40 81920 ----a-w- c:\windows\system32\BIVBX11.DLL
2011-06-14 18:40 . 2011-06-16 11:01 -------- d-----w- C:\TEACHER
2011-06-14 18:40 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2011-06-14 18:39 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\a\Data aplikací\LangSoft
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\a\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 19:43 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 17:49 . 2011-06-14 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-06-13 17:49 . 2011-06-13 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-12 17:17 . 2011-06-12 17:17 -------- d-----w- C:\Terasoft
2011-06-12 13:36 . 2011-06-12 13:36 -------- d-----w- c:\program files\IVT Corporation
2011-06-12 13:28 . 2011-06-12 13:28 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\bluesoleil
2011-06-12 13:25 . 2008-05-07 05:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\Nokia
2011-06-12 13:25 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-06-12 07:29 . 2011-06-17 17:45 -------- d-----w- c:\program files\Elaborate Bytes
2011-06-08 12:18 . 2011-06-08 12:18 -------- d-----w- c:\program files\Sierra
2011-06-05 18:49 . 2011-06-05 18:49 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-05-29 16:06 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-05-29 16:06 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-05-29 16:06 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-05-29 16:06 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-29 16:06 . 2011-05-29 16:06 -------- d-----w- c:\program files\PDFCreator
2011-05-29 16:06 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-05-29 12:38 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-05-29 12:38 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-05-29 12:37 . 2011-05-29 12:37 -------- d-----w- C:\Genius
2011-05-29 12:35 . 2010-11-17 12:03 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-05-29 12:09 . 2011-05-29 12:09 -------- d-----w- c:\program files\Driver-Soft
2011-05-28 12:24 . 2011-05-28 12:24 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 4
2011-05-28 09:10 . 2011-05-28 09:10 -------- d-----w- c:\program files\Stabenfeldt
2011-05-28 08:10 . 2011-05-28 08:41 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 11:33 . 2011-05-15 11:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 11:32 . 2011-05-15 11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-15 11:32 . 2011-04-10 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-10 12:10 . 2011-03-11 17:29 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-11 17:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-11 17:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-11 17:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-11 17:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-03-11 17:30 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-03-11 17:30 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-03-11 17:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-11 17:30 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-03-11 17:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 16:31 . 2011-03-11 15:52 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-03 14:33 . 2011-03-11 15:49 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-05-02 15:32 . 2011-03-11 15:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:41 . 2011-03-11 16:13 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-03-11 16:13 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2011-03-11 16:13 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2011-03-11 16:13 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2011-03-11 16:13 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2011-03-11 16:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-03-11 16:13 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-03-11 16:13 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-13 18:40 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2011-03-11 16:13 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2011-03-11 16:13 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2011-03-11 16:13 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2011-03-11 16:13 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2011-03-11 16:13 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2011-03-13 18:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2011-03-11 16:13 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2011-03-11 16:13 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2011-03-11 16:13 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2011-03-11 16:13 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2011-03-11 16:13 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-15 13:48 . 2011-03-11 15:49 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-14 11:36 . 2011-03-11 15:49 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-28 17:46 . 2011-02-01 14:37 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-04-29 18:30 . 2011-03-23 18:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 959B66A9B529BA5C4B1B973F1FCD98EE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-04-14 11:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [11.3.2011 17:53 19496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.3.2011 19:30 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.3.2011 19:30 307928]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1.2.2011 16:37 98160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2011 19:30 19544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29.5.2011 14:35 101904]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.5.2011 14:38 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.5.2011 14:38 11520]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11.3.2011 17:52 30392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.3.2011 17:49 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [29.5.2011 14:38 12288]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13.6.2011 21:43 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.3.2011 14:20 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 217.170.96.24 217.170.96.2
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\x255a8hz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):69,d5,5f,89,fb,2c,cb,8e,b3,70,f5,e4,04,69,83,6c,01,4a,34,0b,15,
7f,10,0c,63,41,5c,00,d0,91,55,5b,8f,12,a1,14,1b,76,c2,19,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:00000008
"MData"=hex(0):49,74,f1,15,a5,c3,e8,38,e0,e3,fd,8e,fa,dc,be,7b,fa,20,8f,b0,6c,
94,f3,7f,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-06-19 13:23:27
ComboFix-quarantined-files.txt 2011-06-19 11:23
.
Před spuštěním: 9 187 426 304
Po spuštění: 9 143 566 336
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 905FB40D5C1728D89A90AC465C384C89
d.a.p

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#27 Post by Danstahr »

:arrow: Open Notepad, paste the following text into it and save the file to the Desktop as CFScript.txt. Then drag the file onto the ComboFix icon (see picture).

Code:

KillAll::

File::
c:\windows\system32\PerfStringBackup.TMP

RegLockDel::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}]

Reboot::
Then paste the CF log that opens here.
I'll buy a little time, I respect the price.
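A small parser for the locked-keys section of the ComboFix log in post #26, as an added example in Python (my code, not ComboFix's); the sample text is that section copied from the log. It lists each locked key with its ACL note and decoded values, which is how the key targeted by the RegLockDel:: line in the script above can be checked before the script is run: Model decodes to 133 and Therad to 8, matching the GMER Reg lines earlier in the thread. The names `triage` and `LOCKED_TITLES` are mine, and the English section title is assumed from English-language ComboFix logs; locked CLSID keys of this shape are also created by some copy-protection schemes, which is why the output is a review list and why only one of the two keys was put in the script.

```python
"""Extract the locked registry keys section from a ComboFix log and decode it.
Added example, not ComboFix code; SAMPLE_LOG is the section from the posted log."""
import re
import sys

SECTION_HEADER = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
DENIED_LINE = re.compile(r"^@Denied:\s*(.+)$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(dword|hex(?:\(\d+\))?):(.*)$')
HEX_CONTINUATION = re.compile(r"^([0-9a-fA-F]{2},?)+\\?$")
# Section title prefix in the Czech build (as posted) and, assumed, the English one.
LOCKED_TITLES = ("ZAMKNUT", "LOCKED REGISTRY KEYS")

SAMPLE_LOG = """\
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):69,d5,5f,89,fb,2c,cb,8e,b3,70,f5,e4,04,69,83,6c,01,4a,34,0b,15,
7f,10,0c,63,41,5c,00,d0,91,55,5b,8f,12,a1,14,1b,76,c2,19,00,00,00,00,00,00,\\
.
[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{bd480067-58ff-45f4-8523-f9eff4474d61}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:00000008
"MData"=hex(0):49,74,f1,15,a5,c3,e8,38,e0,e3,fd,8e,fa,dc,be,7b,fa,20,8f,b0,6c,
94,f3,7f,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
"""


def locked_keys_section(log_text: str) -> list:
    """Return the lines between the locked-keys header and the next header."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            if inside:
                break
            inside = any(t in header.group(1).upper() for t in LOCKED_TITLES)
            continue
        if inside:
            lines.append(line)
    return lines


def _decode_values(record: dict) -> dict:
    """dword -> int, hex -> bytes; a trailing backslash means ComboFix cut the value short."""
    for value in record["values"].values():
        parts = value.pop("raw")
        value["truncated"] = parts[-1].endswith("\\")
        text = "".join(p.rstrip("\\") for p in parts)
        if value["type"] == "dword":
            value["data"] = int(text, 16)
        else:
            value["data"] = bytes(int(b, 16) for b in text.split(",") if b)
    return record


def parse_locked_keys(lines: list) -> list:
    """Turn section lines into records: {key, denied: [...], values: {name: {...}}}."""
    keys, current, pending = [], None, None
    for line in lines:
        if pending is not None and HEX_CONTINUATION.match(line):
            pending["raw"].append(line)          # wrapped hex data continues here
            continue
        pending = None
        if not line or line == ".":
            continue
        if m := KEY_LINE.match(line):
            current = {"key": m.group(1), "denied": [], "values": {}}
            keys.append(current)
        elif current is None:
            continue
        elif m := DENIED_LINE.match(line):
            current["denied"].append(m.group(1))
        elif m := VALUE_LINE.match(line):
            name, vtype, data = m.groups()
            current["values"][name] = {"type": vtype, "raw": [data]}
            if vtype.startswith("hex"):
                pending = current["values"][name]
    return [_decode_values(k) for k in keys]


def triage(records: list) -> list:
    """Review list: CLSID keys that deny Everyone and hold opaque binary data."""
    findings = []
    for r in records:
        everyone = any("Everyone" in d for d in r["denied"])
        blobs = [n for n, v in r["values"].items() if v["type"].startswith("hex")]
        if everyone and "\\CLSID\\{" in r["key"]:
            findings.append({"key": r["key"], "binary_values": blobs,
                             "truncated": any(r["values"][n]["truncated"] for n in blobs)})
    return findings


def main(path=None) -> None:
    # ComboFix logs are ANSI-encoded; errors="replace" keeps the ASCII title prefix usable.
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_LOG
    records = parse_locked_keys(locked_keys_section(text))
    for r in records:
        print(r["key"], r["denied"])
        for name, v in r["values"].items():
            shown = v["data"] if v["type"] == "dword" else v["data"][:8].hex()
            print(f'  "{name}" {v["type"]} {shown}{" (truncated)" if v["truncated"] else ""}')
    print("review:", [f["key"] for f in triage(records)])


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it with a path to a saved ComboFix.txt to list that log's locked keys, or with no argument to parse the embedded sample.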

d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#28 Post by d.a.p »

ComboFix 11-06-21.03 - a 21.06.2011 20:46:47.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2045.1595 [GMT 2:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\a\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-21 do 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-20 17:57 . 2011-06-20 18:07 -------- d-----w- C:\videooutput
2011-06-20 17:57 . 2011-06-20 17:57 -------- d-----w- c:\program files\Smallvideosoft
2011-06-20 17:57 . 2009-06-04 11:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2011-06-20 17:57 . 2009-05-19 16:32 758018 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-20 17:57 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-20 17:57 . 2008-10-08 08:16 139264 ----a-w- c:\windows\system32\xvid.ax
2011-06-19 17:04 . 2011-06-20 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-16 05:46 . 2011-06-16 05:46 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-14 18:40 . 2011-06-14 18:40 81920 ----a-w- c:\windows\system32\BIVBX11.DLL
2011-06-14 18:40 . 2011-06-16 11:01 -------- d-----w- C:\TEACHER
2011-06-14 18:40 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2011-06-14 18:39 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\a\Data aplikací\LangSoft
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\a\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 19:43 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 17:49 . 2011-06-14 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-06-13 17:49 . 2011-06-13 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-12 17:17 . 2011-06-12 17:17 -------- d-----w- C:\Terasoft
2011-06-12 13:36 . 2011-06-12 13:36 -------- d-----w- c:\program files\IVT Corporation
2011-06-12 13:28 . 2011-06-12 13:28 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\bluesoleil
2011-06-12 13:25 . 2008-05-07 05:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\Nokia
2011-06-12 13:25 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-06-12 07:29 . 2011-06-17 17:45 -------- d-----w- c:\program files\Elaborate Bytes
2011-06-08 12:18 . 2011-06-08 12:18 -------- d-----w- c:\program files\Sierra
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-05 18:49 . 2011-06-05 18:49 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-05-29 16:06 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-05-29 16:06 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-05-29 16:06 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-05-29 16:06 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-29 16:06 . 2011-05-29 16:06 -------- d-----w- c:\program files\PDFCreator
2011-05-29 16:06 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-05-29 12:38 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-05-29 12:38 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-05-29 12:37 . 2011-05-29 12:37 -------- d-----w- C:\Genius
2011-05-29 12:35 . 2010-11-17 12:03 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-05-29 12:09 . 2011-05-29 12:09 -------- d-----w- c:\program files\Driver-Soft
2011-05-28 12:24 . 2011-05-28 12:24 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 4
2011-05-28 09:10 . 2011-05-28 09:10 -------- d-----w- c:\program files\Stabenfeldt
2011-05-28 08:10 . 2011-05-28 08:41 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 15:21 . 2011-03-11 15:49 6348392 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-05-27 15:58 . 2011-03-11 15:49 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-15 11:33 . 2011-05-15 11:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 11:32 . 2011-05-15 11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-15 11:32 . 2011-04-10 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-13 15:17 . 2011-03-11 15:49 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-05-12 12:10 . 2011-03-11 15:49 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-05-10 12:10 . 2011-03-11 17:29 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-11 17:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-11 17:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-11 17:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-11 17:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-03-11 17:30 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-03-11 17:30 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-03-11 17:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-11 17:30 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-03-11 17:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 16:31 . 2011-03-11 15:52 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-02 15:32 . 2011-03-11 15:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:41 . 2011-03-11 16:13 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-03-11 16:13 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2011-03-11 16:13 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2011-03-11 16:13 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2011-03-11 16:13 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2011-03-11 16:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-03-11 16:13 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-03-11 16:13 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-13 18:40 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2011-03-11 16:13 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2011-03-11 16:13 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2011-03-11 16:13 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2011-03-11 16:13 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2011-03-11 16:13 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2011-03-13 18:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2011-03-11 16:13 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2011-03-11 16:13 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2011-03-11 16:13 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2011-03-11 16:13 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2011-03-11 16:13 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-28 17:46 . 2011-02-01 14:37 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-04-29 18:30 . 2011-03-23 18:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 959B66A9B529BA5C4B1B973F1FCD98EE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 12:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [11.3.2011 17:53 19496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.3.2011 19:30 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.3.2011 19:30 307928]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1.2.2011 16:37 98160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2011 19:30 19544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29.5.2011 14:35 101904]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.5.2011 14:38 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.5.2011 14:38 11520]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11.3.2011 17:52 30392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.3.2011 17:49 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [29.5.2011 14:38 12288]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13.6.2011 21:43 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.3.2011 14:20 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 217.170.96.24 217.170.96.2
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\x255a8hz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):69,d5,5f,89,fb,2c,cb,8e,b3,70,f5,e4,04,69,83,6c,01,4a,34,0b,15,
7f,10,0c,63,41,5c,00,d0,91,55,5b,8f,12,a1,14,1b,76,c2,19,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2800)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-06-21 20:55:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-21 18:55
ComboFix2.txt 2011-06-21 18:43
ComboFix3.txt 2011-06-19 11:23
.
Před spuštěním: 9 400 045 568
Po spuštění: 9 384 869 888
.
- - End Of File - - CDDF4A98E6EF0916E3F2822C0A692134
d.a.p

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: prevention

#29 Post by Danstahr »

:arrow: Let's clean up after ComboFix: open the Start menu and choose Run (or press the WIN + R key combination), type combofix /Uninstall into the box and confirm with ENTER.

:arrow: How is the PC behaving?
I'll buy a little time, I respect the price.

d.a.p
Visitor
Posts: 133
Registered: 16 Mar 2006 13:48

Re: prevention

#30 Post by d.a.p »

Everything is fine, thanks a lot for the advice and the patience. I just wanted to ask whether I can install a virtual drive, or whether you have any recommendation, because I had both Daemon and Alcohol and neither of them suited me very well. Otherwise thanks and regards
d.a.p
