iLilu utworzono 7 sierpnia 2009 utworzono 7 sierpnia 2009 (edytowane) Witam, Z góry przepraszam, jeśli temat w złym dziale, ale jakoś najbardziej tu mi pasował. Sprawdziłam sobie połączenia netstatem i mam niezidentyfikowane 'cuś' w outpucie co mnie niepokoi: 192.168.2.3:49326 p397i-006:19299 ESTABLISHED 192.168.2.3:49387 lm-in-f100:http ESTABLISHED 192.168.2.3:49552 lm-in-f102:http ESTABLISHED 192.168.2.3:49554 gv-in-f104:http ESTABLISHED 192.168.2.3:49555 gv-in-f104:http ESTABLISHED 192.168.2.3:49556 gv-in-f101:http ESTABLISHED 192.168.2.3:49561 gv-in-f155:http ESTABLISHED 192.168.2.3:49427 a88-221-115-54:https ESTABLISHED 192.168.2.3:49428 a88-221-115-54:https ESTABLISHED Niepokoi, bo nie potrafię tego zidentyfikować i jeszcze po https'ie jest... Nie bardzo wiem jak mogę określić co to i ewentualnie jak to przyblokować. Poradzicie coś? Po edycji wklejam także logi. Log z OTL OTL.txt: Log do sprawdzenia OTL logfile created on: 08/08/2009 01:10:05 - Run 3OTL by OldTimer - Version 3.0.10.4 Folder = D:\Download Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.18% Memory free 4.00 Gb Paging File | 3.72 Gb Available in Paging File | 92.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 24.21 Gb Total Space | 0.87 Gb Free Space | 3.59% Space Free | Partition Type: NTFS Drive D: | 18.22 Gb Total Space | 0.59 Gb Free Space | 3.22% Space Free | Partition Type: FAT32 Drive E: | 11.64 Gb Total Space | 0.46 Gb Free Space | 3.91% Space Free | Partition Type: NTFS Drive F: | 12.06 Gb Total Space | 3.52 Gb Free Space | 29.16% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive J: | 689.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REBEL-PC Current User Name: rebel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2008/10/10 13:39:30 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/05/09 11:45:56 | 00,026,826 | ---- | M] () -- D:\Sun\SDK\lib\appservService.exe PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2009/02/11 12:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2008/10/10 13:39:30 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2007/11/26 10:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe PRC - [2007/02/26 02:12:22 | 04,538,368 | ---- | M] () -- C:\MySQL5.1\bin\mysqld-nt.exe PRC - [2008/07/22 01:01:12 | 00,057,344 | ---- | M] (Apache Software Foundation) -- D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE PRC - [2009/06/20 12:27:54 | 00,615,176 | ---- | M] (http://www.google.com/ie'>http://www.google.com/ie'>http://www.google.com/ie'>http://*.mcafee.com O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - D:\Sun\SDK\lib\appservService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Macromedia JRun Admin Server (JRun Admin) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe O23 - Service: Macromedia JRun Default Server (JRun Default) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe O23 - Service: MySQL - Unknown owner - C:\MySQL5.1\bin\mysqld-nt (file missing) O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- End of file - 8269 bytes ======Scheduled tasks folder====== C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-23 304736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}] McAfee Phishing Filter - C:\Program Files\McAfee\MSK\mcapbho.dll [2007-11-26 324936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032] {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "MWLExe"=C:\Program Files\Mcafee\MWL\MWLGuiSt.exe [2007-03-12 206448] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-23 185872] "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2007-01-30 1716224] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Users\rebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup SDK Tray Menu.lnk - D:\Program Files\Java\jdk1.6.0_12\bin\javaw.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92da55-4632-11de-96e1-0016cedea9c3}] shell\AutoRun\command - J:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adff5f6-d2d6-11dd-9348-000fb0cac103}] shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe shell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a60b4aa1-2d07-11de-a864-0016cedea9c3}] shell\AutoRun\command - I:\Uruchom.EXE ======File associations====== .js - open - "D:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2009-08-08 00:37:55 ----D---- C:\rsit 2009-08-07 10:02:38 ----A---- C:\Windows\system32\infocardapi.dll 2009-08-07 10:02:34 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-08-07 10:02:30 ----A---- C:\Windows\system32\icardagt.exe 2009-08-07 10:02:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-08-07 10:02:29 ----A---- C:\Windows\system32\icardres.dll 2009-08-07 10:02:23 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-08-07 10:02:06 ----A---- C:\Windows\system32\PresentationHost.exe 2009-08-07 09:36:15 ----A---- C:\Windows\system32\dfshim.dll 2009-08-07 09:36:07 ----A---- C:\Windows\system32\mscoree.dll 2009-08-07 09:36:04 ----A---- C:\Windows\system32\netfxperf.dll 2009-08-07 09:35:21 ----A---- C:\Windows\system32\mscorier.dll 2009-08-07 09:34:58 ----A---- C:\Windows\system32\mscories.dll 2009-07-29 21:05:32 ----D---- C:\Users\rebel\AppData\Roaming\TortoiseSVN 2009-07-29 20:44:37 ----D---- C:\Users\rebel\AppData\Roaming\Subversion 2009-07-29 20:43:06 ----D---- C:\Program Files\Common Files\TortoiseOverlays 2009-07-29 07:56:35 ----A---- C:\Windows\system32\mshtml.dll 2009-07-29 07:56:34 ----A---- C:\Windows\system32\occache.dll 2009-07-29 07:56:32 ----A---- C:\Windows\system32\ieframe.dll 2009-07-29 07:56:30 ----A---- C:\Windows\system32\urlmon.dll 2009-07-29 07:56:29 ----A---- C:\Windows\system32\wininet.dll 2009-07-29 07:56:29 ----A---- C:\Windows\system32\iertutil.dll 2009-07-29 07:56:27 ----A---- C:\Windows\system32\iedkcs32.dll 2009-07-29 07:56:26 ----A---- C:\Windows\system32\msfeeds.dll 2009-07-29 07:56:26 ----A---- C:\Windows\system32\ieaksie.dll 2009-07-29 07:56:24 ----A---- C:\Windows\system32\ieUnatt.exe 2009-07-29 07:56:23 ----A---- C:\Windows\system32\ieencode.dll 2009-07-29 07:56:21 ----A---- C:\Windows\system32\mstime.dll 2009-07-29 07:56:20 ----A---- C:\Windows\system32\jsproxy.dll 2009-07-18 16:13:44 ----SHD---- C:\Windows\ftpcache 2009-07-15 12:17:01 ----A---- C:\Windows\system32\t2embed.dll 2009-07-15 12:17:01 ----A---- C:\Windows\system32\fontsub.dll 2009-07-15 12:17:01 ----A---- C:\Windows\system32\atmfd.dll 2009-07-15 12:17:00 ----A---- C:\Windows\system32\dciman32.dll 2009-07-13 17:36:27 ----D---- C:\Users\rebel\AppData\Roaming\CodeGear 2009-07-13 17:36:27 ----D---- C:\ProgramData\Embarcadero 2009-07-13 17:15:39 ----D---- C:\ProgramData\CodeGear ======List of files/folders modified in the last 1 months====== 2009-08-08 00:37:58 ----D---- C:\Windows\Temp 2009-08-08 00:07:40 ----D---- C:\Users\rebel\AppData\Roaming\skypePM 2009-08-07 23:48:41 ----D---- C:\Users\rebel\AppData\Roaming\Skype 2009-08-07 12:47:26 ----D---- C:\Windows\System32 2009-08-07 12:47:26 ----D---- C:\Windows\inf 2009-08-07 12:47:26 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-08-07 12:14:32 ----D---- C:\Windows\Microsoft.NET 2009-08-07 12:14:18 ----RSD---- C:\Windows\assembly 2009-08-07 12:13:26 ----D---- C:\Windows\rescache 2009-08-07 11:51:30 ----D---- C:\Windows\system32\XPSViewer 2009-08-07 11:51:29 ----D---- C:\Windows\system32\wbem 2009-08-07 11:51:29 ----D---- C:\Windows\system32\en-US 2009-08-07 11:39:25 ----SHD---- C:\System Volume Information 2009-08-07 11:08:07 ----D---- C:\Windows\system32\drivers 2009-08-07 10:16:49 ----SHD---- C:\Windows\Installer 2009-08-07 10:13:14 ----D---- C:\Windows\winsxs 2009-08-07 10:09:21 ----D---- C:\Windows\system32\catroot 2009-08-07 10:09:20 ----D---- C:\Windows\system32\catroot2 2009-08-06 13:04:19 ----D---- C:\Windows\system32\LogFiles 2009-08-04 23:50:13 ----D---- C:\Program Files\Mozilla Firefox 2009-08-04 10:52:10 ----SD---- C:\ProgramData\Microsoft 2009-08-03 22:54:04 ----D---- C:\Windows\Prefetch 2009-07-30 03:07:15 ----D---- C:\Program Files\Internet Explorer 2009-07-29 20:48:31 ----D---- C:\Windows 2009-07-29 20:43:06 ----D---- C:\Program Files\Common Files 2009-07-29 20:13:53 ----SD---- C:\Users\rebel\AppData\Roaming\Microsoft 2009-07-29 19:38:48 ----D---- C:\Users\rebel\AppData\Roaming\Dropbox 2009-07-25 14:31:43 ----D---- C:\PHP 2009-07-19 18:05:27 ----HD---- C:\ProgramData 2009-07-19 15:20:48 ----D---- C:\Windows\Debug 2009-07-17 23:12:12 ----D---- C:\Users\rebel\AppData\Roaming\Notepad++ 2009-07-16 09:01:02 ----D---- C:\Program Files\Windows Mail 2009-07-13 17:47:31 ----RD---- C:\Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2006-09-19 298496] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-10-02 482176] R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-25 19456] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-25 29184] R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 78128] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 80688] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 16560] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240] R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664] R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840] R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400] R3 WscNetDr;MWL Filter Miniport; C:\Windows\system32\DRIVERS\WscNetDr.sys [2007-01-02 86848] S3 a3cntnai;a3cntnai; C:\Windows\system32\drivers\a3cntnai.sys [] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-25 220160] S3 cportclm;cportclm; \??\C:\Users\rebel\AppData\Local\Temp\cportclm.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AppServer9PE;SunJavaSystemAppserver9PE; D:\Sun\SDK\lib\appservService.exe [2009-05-09 26826] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880] R2 MySQL;MySQL; C:\MySQL5.1\bin\mysqld-nt --defaults-file=C:\MySQL5.1\my.ini MySQL [] R2 Tomcat6;Apache Tomcat; D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2008-07-22 57344] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] R3 MWLSvc;McAfee Wireless Network Security Service; C:\Program Files\Mcafee\MWL\MwlSvc.exe [2007-03-12 910960] S2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636] S2 JRun Admin;Macromedia JRun Admin Server; D:\JRun4\bin\jrunsvc.exe [2003-05-30 57344] S2 JRun Default;Macromedia JRun Default Server; D:\JRun4\bin\jrunsvc.exe [2003-05-30 57344] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504] S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] -----------------EOF----------------- info.txt: Log do sprawdzenia info.txt logfile of random's system information tool 1.06 2009-08-08 00:38:15======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0 CE-->C:\WINDOWS\ISUN0415.EXE -f"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.dll" Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Apache HTTP Server 2.2.10-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC} Apache Tomcat 6.0 (remove only)-->"D:\Program Files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Aptana Studio 1.2-->D:\Program Files\Aptana Studio 1.2\uninstall.exe Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe ASUS WebCam, 1.3M, USB2.0, FF-->C:\Windows\UninstIt.exe C:\Windows\ASUSCAM.ini Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" ChessPad 1.0.10-->"C:\Program Files\ChessPad\unins000.exe" DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Dev-PHP (remove only)-->"D:\Program Files\Dev-php2\uninstall.exe" Dropbox-->"e:\Dropbox\uninstall.exe" Ekspert CD-->C:\Windows\unins000.exe FCE & CAE Course, Vocabulary Trainer-->"d:\Program Files\Edgard\FCE CAE Course\unins000.exe" ffdshow [rev 2054] [2008-07-27]-->"C:\Program Files\ffdshow\unins000.exe" Gadu-Gadu 7.6-->C:\Program Files\Gadu-Gadu\Setup.exe Greenfoot 1.5.1-->"D:\Greenfoot\uninst\unins000.exe" HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe Java Application Platform SDK-->"D:\Sun\SDK\uninstall.exe" -javahome "D:\Program Files\Java\jdk1.6.0_12" Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Java SE Development Kit 6 Update 12-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160120} JCreator LE 4.50-->"D:\Program Files\Xinox Software\JCreatorV4LE\unins000.exe" Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3900-->MsiExec.exe /X{88637F72-B46E-43F9-B306-6DA1FF478D51} Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall Macromedia JRun 4-->MsiExec.exe /I{AE846559-D7E1-4D4C-AF99-76E77E141330} McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MySQL Server 5.1-->MsiExec.exe /I{867FC1B2-06B4-46B3-8738-D22A80649D6E} Notepad++-->C:\Program Files\Notepad++\uninstall.exe OpenOffice.org 3.0-->MsiExec.exe /I{31BFEC6C-1F27-45B5-839C-BCBAE327993A} Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620} PHP 5.2.6-->MsiExec.exe /I{6E1205BF-25BC-44A5-B10E-34402BFF5D45} Picasa 3-->"D:\Program Files\Google\Picasa3\Uninstall.exe" Programmer's Notepad 2-->"C:\Program Files\Programmer's Notepad\unins000.exe" QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Rave Reports 7.6.2 BE-->"D:\Program Files\CodeGear\RAD Studio\6.0\RaveReports\unins000.exe" RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Safari-->MsiExec.exe /I{AF10D7E4-D29A-45DA-8050-B116097B69B5} Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly StarUML 5.0.2.1570-->"C:\Program Files\StarUML\unins000.exe" Stellarium 0.10.1-->"C:\Program Files\Stellarium\unins000.exe" Subversion-->MsiExec.exe /X{1C8E69B4-F2F5-482C-BFC7-5E920630360C} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TopStyle Lite (Version 3.0)-->C:\Windows\unlite3.exe "C:\Program Files\Bradbury\TopStyle3" TortoiseSVN 1.6.3.16613 (32 bit)-->MsiExec.exe /X{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D} VLC media player 0.9.9-->d:\Program Files\VideoLAN\VLC\uninstall.exe Wielki s³ownik angielsko-polski i polsko-angielski PWN-OXFORD-->C:\Windows\IsUn0415.exe -f"d:\Program Files\PWN\WSPWNOUP2006\Uninst.isu" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: rebel-PC Event Code: 7024 Message: The Macromedia JRun Default Server service terminated with service-specific error 2 (0x2). Record Number: 81822 Source Name: Service Control Manager Time Written: 20090807113954.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 7024 Message: The Macromedia JRun Admin Server service terminated with service-specific error 2 (0x2). Record Number: 81824 Source Name: Service Control Manager Time Written: 20090807113954.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 81849 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090807114404.000000-000 Event Type: Warning User: Computer Name: rebel-PC Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 81867 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090807224627.000000-000 Event Type: Warning User: Computer Name: rebel-PC Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 81868 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090807224627.000000-000 Event Type: Warning User: =====Application event log===== Computer Name: rebel-PC Event Code: 3299 Message: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Record Number: 14250 Source Name: Apache Service Time Written: 20090807113852.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 100 Message: Fatal error: Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist For more information, see Help and Support Center at http://www.mysql.com. Record Number: 14257 Source Name: MySQL Time Written: 20090807113928.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 259 Message: The JRun Default service could not be started. Check the server "default" log files for more information. Record Number: 14263 Source Name: JRun Default Time Written: 20090807113938.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 259 Message: The JRun Admin service could not be started. Check the server "admin" log files for more information. Record Number: 14264 Source Name: JRun Admin Time Written: 20090807113939.000000-000 Event Type: Error User: Computer Name: rebel-PC Event Code: 3036 Message: The content source <csc://{s-1-5-21-3823102813-93446612-2020005149-1000}/> cannot be accessed. Context: Application, SystemIndex Catalog Details: The object was not found. (0x80041201) Record Number: 14267 Source Name: Microsoft-Windows-Search Time Written: 20090807114254.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: rebel-PC Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26600 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090807233803.424000-000 Event Type: Audit Failure User: Computer Name: rebel-PC Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26601 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090807233803.566000-000 Event Type: Audit Failure User: Computer Name: rebel-PC Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26602 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090807233803.701000-000 Event Type: Audit Failure User: Computer Name: rebel-PC Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26603 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090807233803.857000-000 Event Type: Audit Failure User: Computer Name: rebel-PC Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Users\rebel\AppData\Local\Temp\aujasnkj.sys Record Number: 26604 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090807233950.425000-000 Event Type: Audit Failure User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=C:\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Subversion\bin;D:\Program Files\TortoiseSVN\bin "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PHPRC"=C:\PHP\ "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0e08 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip "APR_ICONV_PATH"=D:\Program Files\Subversion\iconv -----------------EOF----------------- Log z DDS dds.txt: Log do sprawdzenia DDS (Ver_09-07-30.01) - NTFSx86 Run by rebel at 1:05:09.36 on 08/08/2009 Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2549.1165 [GMT 1:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe D:\Sun\SDK\lib\appservService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Windows\system32\rundll32.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\MySQL5.1\bin\mysqld-nt.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE D:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\system32\taskeng.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Windows\ehome\ehtray.exe D:\Program Files\Java\jdk1.6.0_12\bin\java.exe C:\Windows\ehome\ehmsas.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\McAfee\MWL\MwlGui.exe C:\Program Files\Mcafee\MWL\MwlSvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\McAfee\MSC\mcuimgr.exe C:\Windows\system32\wuauclt.exe D:\Download\OTL.exe D:\Download\untd0hw9.exe D:\Download\dds.pif C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.pl/ uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll uWindows: Load=c:\slowni~1\watch.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\program files\mcafee\msk\mcapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGuiSt.exe mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\users\rebel\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - d:\program files\java\jdk1.6.0_12\bin\javaw.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\ FF - prefs.js: browser.startup.homepage - hxxp://forum.webhelp.pl/index.php?f=1|http://localhost/indexik.php|http://www.google.pl/ FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - component: c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll FF - plugin: c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - plugin: d:\program files\google\picasa3\npPicasa3.dll FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll FF - plugin: d:\program files\videolan\vlc\npvlc.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-10-10 24636] R2 AppServer9PE;SunJavaSystemAppserver9PE;d:\sun\sdk\lib\appservservice.exe "\"d:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"d:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> d:\sun\sdk\lib\appservservice.exe \d:\sun\sdk\bin\asadmin.bat\ [?] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-31 210216] R2 Tomcat6;Apache Tomcat;d:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-22 57344] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-2 482176] S2 JRun Admin;Macromedia JRun Admin Server;d:\jrun4\bin\jrunsvc.exe [2003-5-30 57344] S2 JRun Default;Macromedia JRun Default Server;d:\jrun4\bin\jrunsvc.exe [2003-5-30 57344] =============== Created Last 30 ================ 2009-08-07 10:02 97,800 a------- c:\windows\system32\infocardapi.dll 2009-08-07 10:02 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-08-07 10:02 622,080 a------- c:\windows\system32\icardagt.exe 2009-08-07 10:02 37,384 a------- c:\windows\system32\infocardcpl.cpl 2009-08-07 10:02 43,544 a------- c:\windows\system32\PresentationHostProxy.dll 2009-08-07 10:02 11,264 a------- c:\windows\system32\icardres.dll 2009-08-07 10:02 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll 2009-08-07 10:02 326,160 a------- c:\windows\system32\PresentationHost.exe 2009-08-07 09:36 96,760 a------- c:\windows\system32\dfshim.dll 2009-08-07 09:36 282,112 a------- c:\windows\system32\mscoree.dll 2009-08-07 09:36 41,984 a------- c:\windows\system32\netfxperf.dll 2009-08-07 09:35 158,720 a------- c:\windows\system32\mscorier.dll 2009-08-07 09:34 83,968 a------- c:\windows\system32\mscories.dll 2009-07-29 21:05 <DIR> --d----- c:\users\rebel\appdata\roaming\TortoiseSVN 2009-07-29 20:44 <DIR> --d----- c:\users\rebel\appdata\roaming\Subversion 2009-07-29 20:43 <DIR> --d----- c:\program files\common files\TortoiseOverlays 2009-07-18 16:13 <DIR> --dsh--- c:\windows\ftpcache 2009-07-15 12:17 289,792 a------- c:\windows\system32\atmfd.dll 2009-07-15 12:17 156,672 a------- c:\windows\system32\t2embed.dll 2009-07-15 12:17 72,704 a------- c:\windows\system32\fontsub.dll 2009-07-15 12:17 10,240 a------- c:\windows\system32\dciman32.dll 2009-07-13 18:09 1,071,616 a------- c:\windows\system32\Rave76VCL120.bpl 2009-07-13 17:36 <DIR> --d----- c:\users\rebel\appdata\roaming\CodeGear 2009-07-13 17:36 <DIR> --d----- c:\programdata\Embarcadero 2009-07-13 17:36 <DIR> --d----- c:\progra~2\Embarcadero 2009-07-13 17:15 <DIR> --d----- c:\programdata\CodeGear 2009-07-13 17:15 <DIR> --d----- c:\progra~2\CodeGear ==================== Find3M ==================== 2009-08-07 12:37 2,194 a------- c:\windows\bthservsdp.dat 2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll 2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll 2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe 2008-10-28 04:47 174 a--sh--- c:\program files\desktop.ini 2008-10-28 04:42 86,016 a------- c:\windows\inf\infstor.dat 2008-10-28 04:42 51,200 a------- c:\windows\inf\infpub.dat 2008-10-28 04:42 86,016 a------- c:\windows\inf\infstrng.dat 2008-10-28 04:30 665,600 a------- c:\windows\inf\drvindex.dat 2008-10-25 22:54 56 a---h--- c:\programdata\ezsidmv.dat 2008-10-25 22:54 56 a---h--- c:\progra~2\ezsidmv.dat 2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2008-12-26 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2008-12-26 00:00 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2008-12-26 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat ============= FINISH: 1:14:04.65 =============== Pozdrawiam ililu //Każdy log umieszczamy tylko i wyłącznie pomiędzy tagami [log ] oraz [/log ] (bez spacji). //Proszę się tego trzymać //jesiona
dawid_c komentarz 8 sierpnia 2009 komentarz 8 sierpnia 2009 3. UWAGA: Każdy log umieszczamy tylko i wyłącznie pomiędzy tagami [log ] oraz [/log ] (bez spacji). Popraw post! No masz trochę syfu, np. to: PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exePRC - [2009/08/08 01:03:52 | 00,359,932 | ---- | M] () -- D:\Download\dds.pif Ale to ktoś ci napisze skrypt bo ja nie mam czasu. //Używaj funkcji raport, nie jesteś osobom upoważnioną do pełnienia funkcji moderacyjnych //Czemu podajesz tylko przykład? Jak już sprawdzasz to wszystko //jesiona
Mateusz J. komentarz 8 sierpnia 2009 komentarz 8 sierpnia 2009 PRC - [2009/08/08 01:03:52 | 00,359,932 | ---- | M] () -- D:\Download\dds.pif Plik programu DDS. PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exe Tego pliku nie znam, czy autor tematu wie co to za plik? Przypuszczam, że go pobrałeś. ESTABLISHED :OTLPRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll File not foundO3 - HKU\S-1-5-21-3823102813-93446612-2020005149-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll File not found:REG[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"SuperHidden"=dword:00000001[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"Hidden"=dword:00000001[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"ShowSuperHidden"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]"CheckedValue"=dword:00000001[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]@="" [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]:Commands[emptytemp][start explorer][Reboot] ] Kliknij w Run Fix i zatwierdź restart komputera. Logi ogólnie są czyste, była mała infekcja z pendrive + pozostałość po free-downloads.net Co do outputa nie mam pojęcia.
iLilu komentarz 8 sierpnia 2009 Autor komentarz 8 sierpnia 2009 (edytowane) Dziękuję za poprawienie posta. PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exe Tego pliku nie znam, czy autor tematu wie co to za plik? Przypuszczam, że go pobrałeś. Zgadza się, to plik programu Gmer i niżej jego logi: Log do sprawdzenia GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.netRootkit quick scan 2009-08-08 01:01:19 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DE7C9BE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DE7C958] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DE7C96C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DE7C9FC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DE7CA3F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DE7C930] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DE7C944] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DE7C9D2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DE7CA67] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DE7CA53] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DE7C9AA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DE7C996] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DE7CA2B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DE7CA12] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DE7C9E8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DE7C982] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 851501F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\fastfat \Fat 863851F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Log do sprawdzenia GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.netRootkit scan 2009-08-08 09:16:25 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- INT 0x52 ? 85E3CBF8 INT 0x72 ? 85E3CBF8 INT 0x72 ? 85E3CBF8 INT 0x72 ? 85E3CBF8 INT 0x92 ? 8514BBF8 INT 0xA2 ? 8514BBF8 INT 0xB2 ? 85E3CBF8 INT 0xB3 ? 85E3CBF8 Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DE7C9BE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DE7C958] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DE7C96C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DE7C9FC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DE7CA3F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DE7C930] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DE7C944] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DE7C9D2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DE7CA67] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DE7CA53] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DE7C9AA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DE7C996] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DE7CA2B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DE7CA12] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DE7C9E8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DE7C982] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 81E7318C 5 Bytes JMP 8DE7C9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8200D17C 5 Bytes JMP 8DE7CA43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateUserProcess 82014DCA 5 Bytes JMP 8DE7C986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 8202EF80 5 Bytes JMP 8DE7CA2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 8204E1CA 5 Bytes JMP 8DE7C948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 8205DB06 5 Bytes JMP 8DE7C934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 8207071E 7 Bytes JMP 8DE7CA00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82070D75 5 Bytes JMP 8DE7CA16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 82072F86 5 Bytes JMP 8DE7C9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 82080644 5 Bytes JMP 8DE7C99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8208289E 7 Bytes JMP 8DE7C9D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 820A1402 5 Bytes JMP 8DE7CA57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 820A244E 5 Bytes JMP 8DE7CA6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 820E0171 5 Bytes JMP 8DE7C95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 820E01BC 7 Bytes JMP 8DE7C970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 820E0C7B 5 Bytes JMP 8DE7C9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ? System32\Drivers\spwv.sys The system cannot find the path specified. ! .text USBPORT.SYS!DllUnload 8D57A46F 5 Bytes JMP 85E3C1D8 .text ao3y3kvr.SYS 8E33C000 22 Bytes [26, 02, E2, 81, 10, 01, E2, ...] .text ao3y3kvr.SYS 8E33C017 145 Bytes [00, 32, 77, 79, 80, 3D, 75, ...] .text ao3y3kvr.SYS 8E33C0A9 35 Bytes JMP 781B612F .text ao3y3kvr.SYS 8E33C0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...] .text ao3y3kvr.SYS 8E33C0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[340] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[340] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00090F52 .text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00090098 .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000900BD .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00090F26 .text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00090F9C .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00090FD4 .text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00090FB9 .text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0009005B .text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00090087 .text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00090076 .text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00090040 .text C:\Windows\system32\services.exe[688] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00090F77 .text C:\Windows\system32\services.exe[688] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000900CE .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00090FE5 .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 0009000A .text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 0009001B .text C:\Windows\system32\services.exe[688] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00090F41 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00080039 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00080FA8 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00080FEF .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00080F97 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00080F86 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 0008000A .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00080FD4 .text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00080FC3 .text C:\Windows\system32\services.exe[688] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B90FC8 .text C:\Windows\system32\services.exe[688] msvcrt.dll!system 77318B63 5 Bytes JMP 00B90FD9 .text C:\Windows\system32\services.exe[688] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B9002E .text C:\Windows\system32\services.exe[688] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B90000 .text C:\Windows\system32\services.exe[688] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B90049 .text C:\Windows\system32\services.exe[688] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B9001D .text C:\Windows\system32\services.exe[688] WS2_32.dll!socket 76E236D1 5 Bytes JMP 0023000A .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001E00A2 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 001E0091 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 001E0F26 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001E0F37 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001E0F7A .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 001E0FCA .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 001E0F8B .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 001E0FA8 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001E006F .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 001E004A .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 001E0FB9 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001E0080 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 001E00D8 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 001E000A .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 001E0FEF .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 001E001B .text C:\Windows\system32\lsass.exe[704] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001E00B3 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001D0F8D .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001D0FB9 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001D0FEF .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001D0F9E .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001D0040 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001D0014 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001D0FDE .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001D0025 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 0085003F .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!system 77318B63 5 Bytes JMP 00850FBE .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0085001D .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00850000 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 0085002E .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00850FE3 .text C:\Windows\system32\lsass.exe[704] WS2_32.dll!socket 76E236D1 5 Bytes JMP 001F0FEF .text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00100F54 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 0010009A .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00100F2F .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001000D0 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00100067 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00100F9E .text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 0010004A .text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00100014 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00100078 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 0010002F .text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00100F8D .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00100089 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00100F14 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00100FCA .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00100FEF .text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00100FB9 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001000BF .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 0013006E .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 77318B63 5 Bytes JMP 00130049 .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0013002E .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 0013000C .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00130FD9 .text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 0013001D .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 000F0F79 .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 000F0025 .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 000F0FE5 .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 000F0F9E .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 000F0F68 .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 000F0FD4 .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 000F000A .text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 000F0FB9 .text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00120000 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001C00D5 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 001C00C4 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 001C0F34 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001C0F59 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001C007D .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 001C002F .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 001C006C .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 001C0FAF .text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001C0098 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 001C005B .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 001C0040 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001C00A9 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 001C0F23 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 001C000A .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 001C0FEF .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 001C0FD4 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001C0F6A .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00730047 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 77318B63 5 Bytes JMP 00730036 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00730FC6 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00730FE3 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 0073001B .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00730000 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001B0F8A .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001B0022 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001B0000 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001B0F9B .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001B0051 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001B0011 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001B0FE5 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001B0FB6 .text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00720000 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001800DA .text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00180F9E .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00180117 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00180106 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001800A7 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00180FDE .text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00180080 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00180FC3 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001800B8 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00180065 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0018004A .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001800C9 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00180F6F .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00180025 .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 0018000A .text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00180FEF .text C:\Windows\System32\svchost.exe[968] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001800EB .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 001A0042 .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!system 77318B63 5 Bytes JMP 001A0031 .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 001A0FC1 .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 001A0FEF .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 001A0016 .text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 001A0FD2 .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00170FCA .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00170FE5 .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 0017000A .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 0017006C .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00170091 .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00170036 .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00170025 .text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00170051 .text C:\Windows\System32\svchost.exe[968] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00190000 .text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenA 775A03ED 5 Bytes JMP 00FA0FEF .text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 00FA0FD4 .text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenW 775A2A68 5 Bytes JMP 00FA000A .text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 00FA0FC3 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00FE0F4B .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00FE0F66 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00FE0F3A .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00FE00D1 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00FE0F9C .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00FE0036 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00FE0FAD .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00FE0FCA .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00FE0F8B .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00FE0076 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00FE005B .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00FE0091 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00FE0F15 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00FE000A .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00FE0FEF .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00FE0025 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00FE00B6 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 01E40FC3 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!system 77318B63 5 Bytes JMP 01E4004E .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 01E40FDE .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 01E40FEF .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 01E40033 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 01E40018 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00FC0F9E .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00FC0040 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00FC000A .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00FC0FB9 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00FC0F83 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00FC0FEF .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00FC001B .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00FC0FD4 .text C:\Windows\System32\svchost.exe[1076] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00FF000A .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A500A5 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A50F55 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A500EC .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A500D1 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A5006C .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A5002C .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A50F9E .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A50051 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A50F81 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A50FAF .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A50FCA .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A50F70 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A50F30 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A50FE5 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A50000 .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A5001B .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A500C0 .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B70051 .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 77318B63 5 Bytes JMP 00B70036 .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B70FC6 .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B70000 .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B7001B .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B70FE3 .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00A40F8A .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00A40FA5 .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00A40FEF .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00A4002C .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00A40047 .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00A4000A .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00A40FD4 .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00A4001B .text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00A60000 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 008D00BA .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 008D00A9 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 008D0115 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 008D00FA .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 008D0084 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 008D0025 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 008D0073 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 008D0047 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 008D0F8F .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 008D0062 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 008D0036 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 008D0F7E .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 008D0F63 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 008D0014 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 008D0FEF .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 008D0FDE .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 008D00D5 .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B40FA8 .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!system 77318B63 5 Bytes JMP 00B40FB9 .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B40018 .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B40FEF .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B40033 .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B40FDE .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00870040 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00870025 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00870FEF .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00870FA8 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00870F79 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00870FC3 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00870FD4 .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00870014 .text C:\Windows\system32\svchost.exe[1148] WS2_32.dll!socket 76E236D1 5 Bytes JMP 008E0000 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A300A9 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A30098 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A300D5 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A30F3E .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A30FA3 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A30051 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A3007D .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A30FE5 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A30F88 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A30FC0 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A30062 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A30F77 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A30F23 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A3001B .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A3000A .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A30036 .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A300BA .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00A50064 .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!system 77318B63 5 Bytes JMP 00A50FD9 .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00A5002E .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00A50000 .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00A50049 .text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00A5001D .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00690051 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00690040 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00690FEF .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00690FB9 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00690F94 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00690FDE .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 0069000A .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0069002F .text C:\Windows\system32\svchost.exe[1292] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00A40FEF .text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenA 775A03ED 5 Bytes JMP 00A60000 .text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 00A60FD4 .text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenW 775A2A68 5 Bytes JMP 00A60FE5 .text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 00A60FC3 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 008200D5 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00820F99 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 008200F0 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00820F59 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00820FB4 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00820047 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00820FDB .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0082007D .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 008200A9 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00820098 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0082006C .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 008200C4 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00820101 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 0082001B .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00820000 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00820036 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00820F74 .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00840053 .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!system 77318B63 5 Bytes JMP 00840FC8 .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0084001D .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00840FE3 .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00840038 .text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00840000 .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001B0FA1 .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001B001E .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001B0FEF .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001B0039 .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001B0F90 .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001B0FCD .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001B0FDE .text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001B0FBC .text C:\Windows\system32\svchost.exe[1404] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00830FEF .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A90F6B .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A90F7C .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A90F5A .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A900F1 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A90093 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A90036 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A90FAF .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A90062 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A90F9E .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A90FC0 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A90051 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A90F8D .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A90F49 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A90014 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A90FEF .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A90025 .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A900CC .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00AB0031 .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!system 77318B63 5 Bytes JMP 00AB0FA6 .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00AB0FC1 .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00AB0FEF .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00AB000C .text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00AB0FDE .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00A70FA1 .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00A70FC3 .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00A70FEF .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00A70FB2 .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00A7005E .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00A7002F .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00A7000A .text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00A70FDE .text C:\Windows\system32\svchost.exe[1612] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00AA0FEF .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000A006C .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 000A0F30 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000A00B3 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000A00A2 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 000A0F77 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 000A0FC3 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 000A0F88 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 000A0040 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 000A0F5C .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 000A0051 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 000A002F .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 000A0F41 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000A00CE .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 000A0FEF .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 000A0000 .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 000A0FDE .text C:\Windows\system32\svchost.exe[1856] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 000A0091 .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000D0FA8 .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!system 77318B63 5 Bytes JMP 000D003D .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000D0018 .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000D0FEF .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000D0FCD .text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000D0FDE .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00090F61 .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00090F8D .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00090FEF .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00090F7C .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00090028 .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00090FB9 .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00090FD4 .text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00090FA8 .text C:\Windows\system32\svchost.exe[1856] WS2_32.dll!socket 76E236D1 5 Bytes JMP 000B0FEF .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00950F48 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00950F63 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 009500CB .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 009500BA .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 0095007D .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00950FC0 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00950FA5 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00950047 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00950F7E .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00950062 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00950036 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 0095008E .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00950F19 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00950011 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00950000 .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00950FDB .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 009500A9 .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00970042 .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!system 77318B63 5 Bytes JMP 00970031 .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0097000C .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00970FEF .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00970FB7 .text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00970FDE .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00940036 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00940FA5 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00940FEF .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00940F94 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00940047 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00940011 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00940000 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00940FB6 .text C:\Windows\system32\svchost.exe[2412] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00960FEF .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 009A008E .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 009A0F48 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 009A0F12 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 009A00B3 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 009A0F6A .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 009A0011 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 009A004E .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 009A0F91 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 009A0069 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 009A003D .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 009A0022 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 009A0F59 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 009A0F01 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 009A0FE5 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 009A0000 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 009A0FC0 .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 009A0F2D .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 009C005D .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!system 77318B63 5 Bytes JMP 009C004C .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 009C001D .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 009C0000 .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 009C0FD2 .text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 009C0FE3 .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00880F7C .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00880F9E .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00880FE5 .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00880F8D .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00880F6B .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00880FD4 .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00880000 .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00880FB9 .text C:\Windows\system32\svchost.exe[2484] WS2_32.dll!socket 76E236D1 5 Bytes JMP 009B0FE5 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000A0098 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 000A0087 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000A0F0B .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000A0F1C .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 000A0F66 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 000A001B .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 000A0F77 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 000A002C .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 000A005B .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 000A0F94 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 000A0FA5 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 000A0076 .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000A00BD .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 000A0FDE .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 000A0FEF .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 000A000A .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 000A0F37 .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000B0F9C .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!system 77318B63 5 Bytes JMP 000B0FAD .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000B0027 .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000B0FEF .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000B0FD2 .text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000B000C .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00090FA8 .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00090FC3 .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00090FEF .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 0009004A .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00090F8D .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 0009000A .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00090FD4 .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0009002F .text C:\Windows\System32\svchost.exe[2684] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00160FEF .text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 0001008E .text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00010F48 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00010F1C .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000100B3 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F63 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010FCA .text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010047 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00010036 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010058 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00010F8A .text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010FAF .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00010069 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000100C4 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010000 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF .text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010011 .text C:\Windows\Explorer.EXE[3192] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010F2D .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00050F83 .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00050FAF .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00050FEF .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00050F94 .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00050040 .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00050FCA .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00050000 .text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0005001B .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000A0036 .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!system 77318B63 5 Bytes JMP 000A0FA1 .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000A0FCD .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000A0FEF .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000A0FBC .text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000A0FDE .text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenA 775A03ED 5 Bytes JMP 01800FE5 .text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 01800FB9 .text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenW 775A2A68 5 Bytes JMP 01800FCA .text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 0180000A .text C:\Windows\Explorer.EXE[3192] WS2_32.dll!socket 76E236D1 5 Bytes JMP 01820000 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000100B6 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 0001009B .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000100DB .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00010F44 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F81 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010040 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010F9E .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0001005B .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010076 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00010FAF .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010FD4 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00010F70 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000100EC .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010014 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010025 .text C:\Windows\system32\svchost.exe[5316] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010F5F .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00050FC3 .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!system 77318B63 5 Bytes JMP 00050FDE .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00050029 .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00050FEF .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00050044 .text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00050018 .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00060F8D .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00060FA8 .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00060FE5 .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00060039 .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 0006004A .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00060FD4 .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 0006000A .text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00060FB9 .text C:\Windows\system32\svchost.exe[5316] WS2_32.dll!socket 76E236D1 5 Bytes JMP 000B000A .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00010F15 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00010F3A .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00010EDF .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00010EFA .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F66 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010FA8 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010040 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00010014 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010F4B .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 0001002F .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010F83 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 0001005B .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00010091 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010FD4 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010FB9 .text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010076 .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000A004E .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!system 77318B63 5 Bytes JMP 000A0033 .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000A0022 .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000A0000 .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000A0FCD .text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000A0011 .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 000B005B .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 000B0FCA .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 000B0FEF .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 000B0FAF .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 000B006C .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 000B001B .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 000B000A .text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 000B0036 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069E048] \SystemRoot\System32\Drivers\spwv.sys IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortNotification] CC000CC2 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [8D5750FC] \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortMoveMemory] 00012284 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0 IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 851501F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\fastfat \FatCdrom 863851F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 8514D1F8 Device \Driver\usbuhci \Device\USBPDO-0 85DE11F8 Device \Driver\usbuhci \Device\USBPDO-1 85DE11F8 Device \Driver\usbuhci \Device\USBPDO-2 85DE11F8 Device \Driver\usbuhci \Device\USBPDO-3 85DE11F8 Device \Driver\usbehci \Device\USBPDO-4 85E0C1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{D3513FE2-DCBB-4795-BCD3-D0248C5616DF} 8628E500 AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\volmgr \Device\HarddiskVolume1 8514D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85EF61F8 Device \Driver\volmgr \Device\HarddiskVolume2 8514D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume3 8514D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 85EF61F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8514F1F8 Device \Driver\atapi \Device\Ide\IdePort0 8514F1F8 Device \Driver\atapi \Device\Ide\IdePort1 8514F1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8514F1F8 Device \Driver\volmgr \Device\HarddiskVolume4 8514D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom2 85EF61F8 Device \Driver\volmgr \Device\HarddiskVolume5 8514D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom3 85EF61F8 Device \Driver\BTHUSB \Device\00000069 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000069 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\netbt \Device\NetBt_Wins_Export 8628E500 Device \Driver\Smb \Device\NetbiosSmb 8628B1F8 Device \Driver\PCI_PNP1214 \Device\0000004e spwv.sys Device \Driver\iScsiPrt \Device\RaidPort0 85E071F8 AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-0 85DE11F8 Device \FileSystem\fastfat \Fat 863851F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\cdfs \Cdfs 84ACF500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3@001620a75b1e 0x4E 0x78 0x2E 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0x36 0xFC 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x92 0xCD 0x8B 0x8F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x7D 0xA5 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x01 0x33 0xB9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x0E 0xED 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x18 0x95 0x33 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3@001620a75b1e 0x4E 0x78 0x2E 0x16 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0x36 0xFC 0x5B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x92 0xCD 0x8B 0x8F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x7D 0xA5 0xBA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x01 0x33 0xB9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x0E 0xED 0x45 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x18 0x95 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3823102813-93446612-2020005149-1000@RefCount 4 ---- EOF - GMER 1.0.15 ---- Log do sprawdzenia GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.netRootkit scan 2009-08-08 09:25:41 Windows 6.0.6001 Service Pack 1 ---- Services - GMER 1.0.15 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [bOOT] ACPI Service C:\Windows\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320 Service adsi Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [sYSTEM] AFD Service C:\Windows\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440 Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7 Service C:\Windows\system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK8 Service C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] Apache2.2 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppMgmt Service D:\Sun\SDK\lib\appservService.exe [AUTO] AppServer9PE Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [bOOT] atapi Service C:\Windows\System32\Drivers\ATSwpWDF.sys ( AuthenTec Swipe Sensor WDF USB Driver/AuthenTec, Inc.) [MANUAL] ATSwpWDF Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv Service (Battery Class Driver/Microsoft Corporation) BattC Service C:\Windows\system32\DRIVERS\bcmwl6.sys (BCM 802.11g Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XV Service (BEEP Driver/Microsoft Corporation) [sYSTEM] Beep Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS Service system32\drivers\blbdrive.sys [DISABLED] blbdrive Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer Service C:\Windows\system32\DRIVERS\BthEnum.sys (Bluetooth Bus Extender/Microsoft Corporation) [MANUAL] BthEnum Service C:\Windows\system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM Service C:\Windows\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan Service C:\Windows\System32\Drivers\BTHport.sys (Bluetooth Bus Driver/Microsoft Corporation) [MANUAL] BTHPORT Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BthServ Service C:\Windows\System32\Drivers\BTHUSB.sys (Bluetooth Miniport Driver/Microsoft Corporation) [MANUAL] BTHUSB Service BTKRNL Service C:\Windows\system32\drivers\btwaudio.sys (Bluetooth Audio Device/Broadcom Corporation.) [MANUAL] btwaudio Service C:\Windows\system32\drivers\btwavdt.sys (Broadcom Bluetooth AVDT Service/Broadcom Corporation.) [MANUAL] btwavdt Service C:\Windows\system32\DRIVERS\btwrchid.sys (Bluetooth Remote Control HID Minidriver/Broadcom Corporation.) [MANUAL] btwrchid Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [sYSTEM] cdrom Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [bOOT] CLFS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32 Service C:\Windows\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [bOOT] Compbatt Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service C:\Users\rebel\AppData\Local\Temp\cportclm.sys [MANUAL] cportclm Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [bOOT] crcdisk Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe Service crypt32 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc Service C:\Windows\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [DISABLED] CSC Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] CscService Service DCLocator Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [sYSTEM] DfsC Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [bOOT] disk Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [bOOT] Ecache Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor Service EmdCache Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt Service ESENT Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [bOOT] FileInfo Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [bOOT] FltMgr Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0 Service (File System Recognizer Driver/Microsoft Corporation) [sYSTEM] Fs_Rec Service C:\Windows\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [bOOT] fvevol Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus Service C:\Windows\system32\DRIVERS\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv Service C:\Windows\system32\drivers\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidUsb Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP Service C:\Windows\system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [sYSTEM] i8042prt Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] ialm Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT Service inetaccs Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [bOOT] intelide Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\Windows\system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV Service C:\Windows\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid Service D:\JRun4\bin\jrunsvc.exe (JRun Service Controller/Macromedia Inc.) [AUTO] JRun Admin Service D:\JRun4\bin\jrunsvc.exe (JRun Service Controller/Macromedia Inc.) [AUTO] JRun Default Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [sYSTEM] kbdclass Service C:\Windows\system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [sYSTEM] kbdhid Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [bOOT] KSecDD Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation Service ldap Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts Service Lsa Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [AUTO] McAfee SiteAdvisor Service Service C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) [AUTO] mcmscsvc Service c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) [AUTO] McNASvc Service C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee VirusScan - On Demand Scan/McAfee, Inc.) [MANUAL] McODS Service c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) [AUTO] McProxy Service C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) [AUTO] McShield Service C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) [MANUAL] McSysmon Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] megasas Service C:\Windows\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk Service C:\Windows\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk Service C:\Windows\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) [sYSTEM] mfehidk Service C:\Windows\system32\drivers\mferkdk.sys (VSCore Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdk Service C:\Windows\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) [MANUAL] mfesmfk Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [sYSTEM] mouclass Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [bOOT] MountMgr Service C:\Windows\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) [sYSTEM] MPFP Service C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service/McAfee, Inc.) [AUTO] MpfService Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10 Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20 Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service (Mailslot driver/Microsoft Corporation) [sYSTEM] Msfs Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [bOOT] msisadrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver Service C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Anti-Spam Server/McAfee, Inc.) [AUTO] MSK80Service Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC Service MSSCNTRS Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [bOOT] Mup Service C:\Program Files\Mcafee\MWL\MwlSvc.exe (McAfee Wireless Network Security Service/McAfee, Inc.) [MANUAL] MWLSvc Service C:\MySQL5.1\bin\mysqld-nt.exe [AUTO] MySQL Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [bOOT] NDIS Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [sYSTEM] NetBIOS Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [sYSTEM] netbt Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc Service (NPFS Driver/Microsoft Corporation) [sYSTEM] Npfs Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [sYSTEM] nsiproxy Service NTDS Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi Service (NULL Driver/Microsoft Corporation) [sYSTEM] Null Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce RAID Driver/NVIDIA Corporation) [DISABLED] nvraid Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [bOOT] partmgr Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [bOOT] pci Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] pciide Service C:\Windows\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [bOOT] pcmcia Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent Service PortProxy Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [sYSTEM] PSched Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300 Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [sYSTEM] RasAcd Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [sYSTEM] rdbss Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [sYSTEM] RDPCDD Service RDPDD Service C:\Windows\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [sYSTEM] RDPENCDD Service RDPNP Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry Service C:\Windows\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM Service C:\Windows\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [MANUAL] rimmptsk Service C:\Windows\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk Service C:\Windows\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [AUTO] rismxdp Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr Service C:\Windows\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc Service C:\Windows\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv Service C:\Windows\system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc Service C:\Windows\system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SharedAccess Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [DISABLED] SiSRaid2 Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4 Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [sYSTEM] Smb Service SMSvcHost 3.0.0.0 Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP Service C:\Windows\system32\DRIVERS\snp2sxp.sys [MANUAL] SNP2STD Service (loader for security processor/Microsoft Corporation) [bOOT] spldr Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\Windows\System32\Drivers\sptd.sys [bOOT] sptd Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2 Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3 Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [sYSTEM] Tcpip Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6 Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [sYSTEM] tdx Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [sYSTEM] TermDD Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER Service D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (Service Runner/Apache Software Foundation) [AUTO] Tomcat6 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller Service TSDDD Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35 Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs Service UGatherer Service UGTHRSVC Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2 Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] UmRdpService Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost Service usb Service C:\Windows\system32\drivers\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [DISABLED] usbccgp Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbohci Service C:\Windows\system32\drivers\usbprint.sys (USB Printer driver/Microsoft Corporation) [DISABLED] usbprint Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [sYSTEM] VgaSave Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7 Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [bOOT] volmgr Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [bOOT] volmgrx Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [bOOT] volsnap Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR X86-32/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [sYSTEM] Wanarpv6 Service C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE/Microsoft Corporation) [MANUAL] wbengine Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [bOOT] Wdf01000 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend Service Windows Workflow Foundation 3.0.0.0 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM Service [MANUAL] Winsock Service WinSock2 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi Service WmiApRpl Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl Service C:\Windows\system32\DRIVERS\WscNetDr.sys (McAfee Wireless Home Network Security Driver/McAfee, Inc.) [MANUAL] WscNetDr Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch Service WSearchIdxPi Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc Service xmlprov Service {A4159796-DC37-4C4B-92A3-F536F1C733AF} Service {D3513FE2-DCBB-4795-BCD3-D0248C5616DF} Service {FFCF2467-DA9A-4549-8F9D-34B00375E377} ---- EOF - GMER 1.0.15 ---- i jeszcze log z catchme: Log do sprawdzenia catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-08-08 01:26:41 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3] "001620a75b1e"=hex:4e,78,2e,16,14,6f,db,b1,bb,a7,82,af,f8,34,ce,27 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:a1,36,fc,5b,52,58,ce,4f,43,ec,20,e5,e8,8d,6f,95,15,0b,07,79,19,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="d:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:92,cd,8b,8f,de,4e,44,ca,e1,e5,f8,9c,72,43,9f,5b,57,1f,6e,47,7c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f8,fe,b9,b7,d9,ca,ec,d7,b8,75,ef,1d,3c,75,98,2a,de,.. "khjeh"=hex:65,7d,a5,ba,fd,83,bc,b6,a0,64,92,5a,3a,3f,dd,3b,0c,83,c6,4b,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:81,01,33,b9,1c,72,a3,1e,b5,3f,3c,17,e6,e7,98,11,68,a2,ac,a1,a1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:5e,0e,ed,45,1b,15,2c,84,22,2a,d5,2e,fa,ff,26,9c,6f,c0,e0,6a,a5,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:66,18,95,33,5e,3f,e4,23,e1,f8,c7,c5,65,c5,37,44,2e,2e,b0,55,e4,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3] "001620a75b1e"=hex:4e,78,2e,16,14,6f,db,b1,bb,a7,82,af,f8,34,ce,27 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:a1,36,fc,5b,52,58,ce,4f,43,ec,20,e5,e8,8d,6f,95,15,0b,07,79,19,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="d:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:92,cd,8b,8f,de,4e,44,ca,e1,e5,f8,9c,72,43,9f,5b,57,1f,6e,47,7c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f8,fe,b9,b7,d9,ca,ec,d7,b8,75,ef,1d,3c,75,98,2a,de,.. "khjeh"=hex:65,7d,a5,ba,fd,83,bc,b6,a0,64,92,5a,3a,3f,dd,3b,0c,83,c6,4b,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:81,01,33,b9,1c,72,a3,1e,b5,3f,3c,17,e6,e7,98,11,68,a2,ac,a1,a1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:5e,0e,ed,45,1b,15,2c,84,22,2a,d5,2e,fa,ff,26,9c,6f,c0,e0,6a,a5,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:66,18,95,33,5e,3f,e4,23,e1,f8,c7,c5,65,c5,37,44,2e,2e,b0,55,e4,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan
iLilu komentarz 8 sierpnia 2009 Autor komentarz 8 sierpnia 2009 (edytowane) Po Run Fix nic się nie dzieje, log jest pusty. KamilJB dziękuję. jesiona równięż dziękuje i małe pytanko, skąd wiesz, że infekcja z pendriva?
Mateusz J. komentarz 8 sierpnia 2009 komentarz 8 sierpnia 2009 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {4d92da55-4632-11de-96e1-0016cedea9c3}]shell\AutoRun\command - J:\autorun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {5adff5f6-d2d6-11dd-9348-000fb0cac103}]shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exeshell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {a60b4aa1-2d07-11de-a864-0016cedea9c3}]shell\AutoRun\command - I:\Uruchom.EXE Wpisy mountpoints2 tworzą media przenośne, czyli pendrive, mp3, mp4
iLilu komentarz 8 sierpnia 2009 Autor komentarz 8 sierpnia 2009 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {4d92da55-4632-11de-96e1-0016cedea9c3}]shell\AutoRun\command - J:\autorun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {a60b4aa1-2d07-11de-a864-0016cedea9c3}]shell\AutoRun\command - I:\Uruchom.EXE Powyższe powinno być OK, to tylko obrazy. Natomiast to jest podejrzane: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {5adff5f6-d2d6-11dd-9348-000fb0cac103}]shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exeshell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe Wpisy mountpoints2 tworzą media przenośne, czyli pendrive, mp3, mp4 Ahaaa:) Jakie sprytne:) Ah.. i lepsze od netstat -a jest netstat -b bo pokazuje program korzystający z połączenia. Dziękuje bardzo, że się wam chciało:) Pozdrawiam serdecznie, ililu
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.