
IPs from netstat and logs to check

iLilu
created (edited)

Hello,

Apologies in advance if this topic is in the wrong section, but this one seemed the best fit to me.

I checked my connections with netstat and there is an unidentified 'something' in the output that worries me:

192.168.2.3:49326 p397i-006:19299 ESTABLISHED

192.168.2.3:49387 lm-in-f100:http ESTABLISHED

192.168.2.3:49552 lm-in-f102:http ESTABLISHED

192.168.2.3:49554 gv-in-f104:http ESTABLISHED

192.168.2.3:49555 gv-in-f104:http ESTABLISHED

192.168.2.3:49556 gv-in-f101:http ESTABLISHED

192.168.2.3:49561 gv-in-f155:http ESTABLISHED

192.168.2.3:49427 a88-221-115-54:https ESTABLISHED

192.168.2.3:49428 a88-221-115-54:https ESTABLISHED

It worries me because I can't identify it, and on top of that it's going over https... I don't really know how I can determine what it is and, if needed, how to block it.

Any advice?

After editing, I'm also pasting the logs.

OTL log

OTL.txt:

Log to check
OTL logfile created on: 08/08/2009 01:10:05 - Run 3

OTL by OldTimer - Version 3.0.10.4 Folder = D:\Download

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.18% Memory free

4.00 Gb Paging File | 3.72 Gb Available in Paging File | 92.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 24.21 Gb Total Space | 0.87 Gb Free Space | 3.59% Space Free | Partition Type: NTFS

Drive D: | 18.22 Gb Total Space | 0.59 Gb Free Space | 3.22% Space Free | Partition Type: FAT32

Drive E: | 11.64 Gb Total Space | 0.46 Gb Free Space | 3.91% Space Free | Partition Type: NTFS

Drive F: | 12.06 Gb Total Space | 3.52 Gb Free Space | 29.16% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 689.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REBEL-PC

Current User Name: rebel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/10 13:39:30 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

PRC - [2009/05/09 11:45:56 | 00,026,826 | ---- | M] () -- D:\Sun\SDK\lib\appservService.exe

PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2009/02/11 12:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe

PRC - [2008/10/10 13:39:30 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

PRC - [2007/11/26 10:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe

PRC - [2007/02/26 02:12:22 | 04,538,368 | ---- | M] () -- C:\MySQL5.1\bin\mysqld-nt.exe

PRC - [2008/07/22 01:01:12 | 00,057,344 | ---- | M] (Apache Software Foundation) -- D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2009/06/20 12:27:54 | 00,615,176 | ---- | M] (http://www.google.com/ie'>http://www.google.com/ie'>http://www.google.com/ie'>http://*.mcafee.com

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - D:\Sun\SDK\lib\appservService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia JRun Admin Server (JRun Admin) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe

O23 - Service: Macromedia JRun Default Server (JRun Default) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe

O23 - Service: MySQL - Unknown owner - C:\MySQL5.1\bin\mysqld-nt (file missing)

O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--

End of file - 8269 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job

C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-23 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]

McAfee Phishing Filter - C:\Program Files\McAfee\MSK\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll []

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGuiSt.exe [2007-03-12 206448]

"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-23 185872]

"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2007-01-30 1716224]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Users\rebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

SDK Tray Menu.lnk - D:\Program Files\Java\jdk1.6.0_12\bin\javaw.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92da55-4632-11de-96e1-0016cedea9c3}]

shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adff5f6-d2d6-11dd-9348-000fb0cac103}]

shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

shell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a60b4aa1-2d07-11de-a864-0016cedea9c3}]

shell\AutoRun\command - I:\Uruchom.EXE

======File associations======

.js - open - "D:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-08 00:37:55 ----D---- C:\rsit

2009-08-07 10:02:38 ----A---- C:\Windows\system32\infocardapi.dll

2009-08-07 10:02:34 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-08-07 10:02:30 ----A---- C:\Windows\system32\icardagt.exe

2009-08-07 10:02:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll

2009-08-07 10:02:29 ----A---- C:\Windows\system32\icardres.dll

2009-08-07 10:02:23 ----A---- C:\Windows\system32\PresentationNative_v0300.dll

2009-08-07 10:02:06 ----A---- C:\Windows\system32\PresentationHost.exe

2009-08-07 09:36:15 ----A---- C:\Windows\system32\dfshim.dll

2009-08-07 09:36:07 ----A---- C:\Windows\system32\mscoree.dll

2009-08-07 09:36:04 ----A---- C:\Windows\system32\netfxperf.dll

2009-08-07 09:35:21 ----A---- C:\Windows\system32\mscorier.dll

2009-08-07 09:34:58 ----A---- C:\Windows\system32\mscories.dll

2009-07-29 21:05:32 ----D---- C:\Users\rebel\AppData\Roaming\TortoiseSVN

2009-07-29 20:44:37 ----D---- C:\Users\rebel\AppData\Roaming\Subversion

2009-07-29 20:43:06 ----D---- C:\Program Files\Common Files\TortoiseOverlays

2009-07-29 07:56:35 ----A---- C:\Windows\system32\mshtml.dll

2009-07-29 07:56:34 ----A---- C:\Windows\system32\occache.dll

2009-07-29 07:56:32 ----A---- C:\Windows\system32\ieframe.dll

2009-07-29 07:56:30 ----A---- C:\Windows\system32\urlmon.dll

2009-07-29 07:56:29 ----A---- C:\Windows\system32\wininet.dll

2009-07-29 07:56:29 ----A---- C:\Windows\system32\iertutil.dll

2009-07-29 07:56:27 ----A---- C:\Windows\system32\iedkcs32.dll

2009-07-29 07:56:26 ----A---- C:\Windows\system32\msfeeds.dll

2009-07-29 07:56:26 ----A---- C:\Windows\system32\ieaksie.dll

2009-07-29 07:56:24 ----A---- C:\Windows\system32\ieUnatt.exe

2009-07-29 07:56:23 ----A---- C:\Windows\system32\ieencode.dll

2009-07-29 07:56:21 ----A---- C:\Windows\system32\mstime.dll

2009-07-29 07:56:20 ----A---- C:\Windows\system32\jsproxy.dll

2009-07-18 16:13:44 ----SHD---- C:\Windows\ftpcache

2009-07-15 12:17:01 ----A---- C:\Windows\system32\t2embed.dll

2009-07-15 12:17:01 ----A---- C:\Windows\system32\fontsub.dll

2009-07-15 12:17:01 ----A---- C:\Windows\system32\atmfd.dll

2009-07-15 12:17:00 ----A---- C:\Windows\system32\dciman32.dll

2009-07-13 17:36:27 ----D---- C:\Users\rebel\AppData\Roaming\CodeGear

2009-07-13 17:36:27 ----D---- C:\ProgramData\Embarcadero

2009-07-13 17:15:39 ----D---- C:\ProgramData\CodeGear

======List of files/folders modified in the last 1 months======

2009-08-08 00:37:58 ----D---- C:\Windows\Temp

2009-08-08 00:07:40 ----D---- C:\Users\rebel\AppData\Roaming\skypePM

2009-08-07 23:48:41 ----D---- C:\Users\rebel\AppData\Roaming\Skype

2009-08-07 12:47:26 ----D---- C:\Windows\System32

2009-08-07 12:47:26 ----D---- C:\Windows\inf

2009-08-07 12:47:26 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-08-07 12:14:32 ----D---- C:\Windows\Microsoft.NET

2009-08-07 12:14:18 ----RSD---- C:\Windows\assembly

2009-08-07 12:13:26 ----D---- C:\Windows\rescache

2009-08-07 11:51:30 ----D---- C:\Windows\system32\XPSViewer

2009-08-07 11:51:29 ----D---- C:\Windows\system32\wbem

2009-08-07 11:51:29 ----D---- C:\Windows\system32\en-US

2009-08-07 11:39:25 ----SHD---- C:\System Volume Information

2009-08-07 11:08:07 ----D---- C:\Windows\system32\drivers

2009-08-07 10:16:49 ----SHD---- C:\Windows\Installer

2009-08-07 10:13:14 ----D---- C:\Windows\winsxs

2009-08-07 10:09:21 ----D---- C:\Windows\system32\catroot

2009-08-07 10:09:20 ----D---- C:\Windows\system32\catroot2

2009-08-06 13:04:19 ----D---- C:\Windows\system32\LogFiles

2009-08-04 23:50:13 ----D---- C:\Program Files\Mozilla Firefox

2009-08-04 10:52:10 ----SD---- C:\ProgramData\Microsoft

2009-08-03 22:54:04 ----D---- C:\Windows\Prefetch

2009-07-30 03:07:15 ----D---- C:\Program Files\Internet Explorer

2009-07-29 20:48:31 ----D---- C:\Windows

2009-07-29 20:43:06 ----D---- C:\Program Files\Common Files

2009-07-29 20:13:53 ----SD---- C:\Users\rebel\AppData\Roaming\Microsoft

2009-07-29 19:38:48 ----D---- C:\Users\rebel\AppData\Roaming\Dropbox

2009-07-25 14:31:43 ----D---- C:\PHP

2009-07-19 18:05:27 ----HD---- C:\ProgramData

2009-07-19 15:20:48 ----D---- C:\Windows\Debug

2009-07-17 23:12:12 ----D---- C:\Users\rebel\AppData\Roaming\Notepad++

2009-07-16 09:01:02 ----D---- C:\Program Files\Windows Mail

2009-07-13 17:47:31 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2006-09-19 298496]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-10-02 482176]

R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]

R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-25 19456]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-25 29184]

R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 78128]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 80688]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 16560]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]

R3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]

R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]

R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]

R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]

R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]

R3 WscNetDr;MWL Filter Miniport; C:\Windows\system32\DRIVERS\WscNetDr.sys [2007-01-02 86848]

S3 a3cntnai;a3cntnai; C:\Windows\system32\drivers\a3cntnai.sys []

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-25 220160]

S3 cportclm;cportclm; \??\C:\Users\rebel\AppData\Local\Temp\cportclm.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S4 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppServer9PE;SunJavaSystemAppserver9PE; D:\Sun\SDK\lib\appservService.exe [2009-05-09 26826]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]

R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]

R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]

R2 MySQL;MySQL; C:\MySQL5.1\bin\mysqld-nt --defaults-file=C:\MySQL5.1\my.ini MySQL []

R2 Tomcat6;Apache Tomcat; D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2008-07-22 57344]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

R3 MWLSvc;McAfee Wireless Network Security Service; C:\Program Files\Mcafee\MWL\MwlSvc.exe [2007-03-12 910960]

S2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]

S2 JRun Admin;Macromedia JRun Admin Server; D:\JRun4\bin\jrunsvc.exe [2003-05-30 57344]

S2 JRun Default;Macromedia JRun Default Server; D:\JRun4\bin\jrunsvc.exe [2003-05-30 57344]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]

S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

info.txt:

Log to check
info.txt logfile of random's system information tool 1.06 2009-08-08 00:38:15

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop 7.0 CE-->C:\WINDOWS\ISUN0415.EXE -f"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.dll"

Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}

Apache HTTP Server 2.2.10-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}

Apache Tomcat 6.0 (remove only)-->"D:\Program Files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe"

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Aptana Studio 1.2-->D:\Program Files\Aptana Studio 1.2\uninstall.exe

Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ASUS WebCam, 1.3M, USB2.0, FF-->C:\Windows\UninstIt.exe C:\Windows\ASUSCAM.ini

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

ChessPad 1.0.10-->"C:\Program Files\ChessPad\unins000.exe"

DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Dev-PHP (remove only)-->"D:\Program Files\Dev-php2\uninstall.exe"

Dropbox-->"e:\Dropbox\uninstall.exe"

Ekspert CD-->C:\Windows\unins000.exe

FCE & CAE Course, Vocabulary Trainer-->"d:\Program Files\Edgard\FCE CAE Course\unins000.exe"

ffdshow [rev 2054] [2008-07-27]-->"C:\Program Files\ffdshow\unins000.exe"

Gadu-Gadu 7.6-->C:\Program Files\Gadu-Gadu\Setup.exe

Greenfoot 1.5.1-->"D:\Greenfoot\uninst\unins000.exe"

HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe

Java Application Platform SDK-->"D:\Sun\SDK\uninstall.exe" -javahome "D:\Program Files\Java\jdk1.6.0_12"

Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

Java SE Development Kit 6 Update 12-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160120}

JCreator LE 4.50-->"D:\Program Files\Xinox Software\JCreatorV4LE\unins000.exe"

Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3900-->MsiExec.exe /X{88637F72-B46E-43F9-B306-6DA1FF478D51}

Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Macromedia JRun 4-->MsiExec.exe /I{AE846559-D7E1-4D4C-AF99-76E77E141330}

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MySQL Server 5.1-->MsiExec.exe /I{867FC1B2-06B4-46B3-8738-D22A80649D6E}

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

OpenOffice.org 3.0-->MsiExec.exe /I{31BFEC6C-1F27-45B5-839C-BCBAE327993A}

Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

PHP 5.2.6-->MsiExec.exe /I{6E1205BF-25BC-44A5-B10E-34402BFF5D45}

Picasa 3-->"D:\Program Files\Google\Picasa3\Uninstall.exe"

Programmer's Notepad 2-->"C:\Program Files\Programmer's Notepad\unins000.exe"

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Rave Reports 7.6.2 BE-->"D:\Program Files\CodeGear\RAD Studio\6.0\RaveReports\unins000.exe"

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Safari-->MsiExec.exe /I{AF10D7E4-D29A-45DA-8050-B116097B69B5}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly

StarUML 5.0.2.1570-->"C:\Program Files\StarUML\unins000.exe"

Stellarium 0.10.1-->"C:\Program Files\Stellarium\unins000.exe"

Subversion-->MsiExec.exe /X{1C8E69B4-F2F5-482C-BFC7-5E920630360C}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TopStyle Lite (Version 3.0)-->C:\Windows\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"

TortoiseSVN 1.6.3.16613 (32 bit)-->MsiExec.exe /X{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}

VLC media player 0.9.9-->d:\Program Files\VideoLAN\VLC\uninstall.exe

Wielki słownik angielsko-polski i polsko-angielski PWN-OXFORD-->C:\Windows\IsUn0415.exe -f"d:\Program Files\PWN\WSPWNOUP2006\Uninst.isu"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: rebel-PC

Event Code: 7024

Message: The Macromedia JRun Default Server service terminated with service-specific error 2 (0x2).

Record Number: 81822

Source Name: Service Control Manager

Time Written: 20090807113954.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 7024

Message: The Macromedia JRun Admin Server service terminated with service-specific error 2 (0x2).

Record Number: 81824

Source Name: Service Control Manager

Time Written: 20090807113954.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 81849

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20090807114404.000000-000

Event Type: Warning

User:

Computer Name: rebel-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 81867

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20090807224627.000000-000

Event Type: Warning

User:

Computer Name: rebel-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF11663E. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 81868

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20090807224627.000000-000

Event Type: Warning

User:

=====Application event log=====

Computer Name: rebel-PC

Event Code: 3299

Message: The Apache service named reported the following error:

>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .

Record Number: 14250

Source Name: Apache Service

Time Written: 20090807113852.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 100

Message: Fatal error: Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist

For more information, see Help and Support Center at http://www.mysql.com.

Record Number: 14257

Source Name: MySQL

Time Written: 20090807113928.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 259

Message: The JRun Default service could not be started. Check the server "default" log files for more information.

Record Number: 14263

Source Name: JRun Default

Time Written: 20090807113938.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 259

Message: The JRun Admin service could not be started. Check the server "admin" log files for more information.

Record Number: 14264

Source Name: JRun Admin

Time Written: 20090807113939.000000-000

Event Type: Error

User:

Computer Name: rebel-PC

Event Code: 3036

Message: The content source <csc://{s-1-5-21-3823102813-93446612-2020005149-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:

The object was not found. (0x80041201)

Record Number: 14267

Source Name: Microsoft-Windows-Search

Time Written: 20090807114254.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: rebel-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 26600

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090807233803.424000-000

Event Type: Audit Failure

User:

Computer Name: rebel-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 26601

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090807233803.566000-000

Event Type: Audit Failure

User:

Computer Name: rebel-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 26602

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090807233803.701000-000

Event Type: Audit Failure

User:

Computer Name: rebel-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 26603

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090807233803.857000-000

Event Type: Audit Failure

User:

Computer Name: rebel-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Users\rebel\AppData\Local\Temp\aujasnkj.sys

Record Number: 26604

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090807233950.425000-000

Event Type: Audit Failure

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=C:\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Subversion\bin;D:\Program Files\TortoiseSVN\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PHPRC"=C:\PHP\

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0e08

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

"APR_ICONV_PATH"=D:\Program Files\Subversion\iconv

-----------------EOF-----------------

DDS log

dds.txt:

Log to check

DDS (Ver_09-07-30.01) - NTFSx86

Run by rebel at 1:05:09.36 on 08/08/2009

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2549.1165 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

D:\Sun\SDK\lib\appservService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\MySQL5.1\bin\mysqld-nt.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

D:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Windows\ehome\ehtray.exe

D:\Program Files\Java\jdk1.6.0_12\bin\java.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\McAfee\MWL\MwlGui.exe

C:\Program Files\Mcafee\MWL\MwlSvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\McAfee\MSC\mcuimgr.exe

C:\Windows\system32\wuauclt.exe

D:\Download\OTL.exe

D:\Download\untd0hw9.exe

D:\Download\dds.pif

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.pl/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll

mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll

uWindows: Load=c:\slowni~1\watch.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\program files\mcafee\msk\mcapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGuiSt.exe

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\users\rebel\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - d:\program files\java\jdk1.6.0_12\bin\javaw.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.webhelp.pl/index.php?f=1|http://localhost/indexik.php|http://www.google.pl/

FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - component: c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll

FF - plugin: c:\users\rebel\appdata\roaming\mozilla\firefox\profiles\w9dqiyqx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: d:\program files\google\picasa3\npPicasa3.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: d:\program files\videolan\vlc\npvlc.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-10-10 24636]

R2 AppServer9PE;SunJavaSystemAppserver9PE;d:\sun\sdk\lib\appservservice.exe "\"d:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"d:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> d:\sun\sdk\lib\appservservice.exe \d:\sun\sdk\bin\asadmin.bat\ [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-31 210216]

R2 Tomcat6;Apache Tomcat;d:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-22 57344]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-2 482176]

S2 JRun Admin;Macromedia JRun Admin Server;d:\jrun4\bin\jrunsvc.exe [2003-5-30 57344]

S2 JRun Default;Macromedia JRun Default Server;d:\jrun4\bin\jrunsvc.exe [2003-5-30 57344]

=============== Created Last 30 ================

2009-08-07 10:02 97,800 a------- c:\windows\system32\infocardapi.dll

2009-08-07 10:02 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-08-07 10:02 622,080 a------- c:\windows\system32\icardagt.exe

2009-08-07 10:02 37,384 a------- c:\windows\system32\infocardcpl.cpl

2009-08-07 10:02 43,544 a------- c:\windows\system32\PresentationHostProxy.dll

2009-08-07 10:02 11,264 a------- c:\windows\system32\icardres.dll

2009-08-07 10:02 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll

2009-08-07 10:02 326,160 a------- c:\windows\system32\PresentationHost.exe

2009-08-07 09:36 96,760 a------- c:\windows\system32\dfshim.dll

2009-08-07 09:36 282,112 a------- c:\windows\system32\mscoree.dll

2009-08-07 09:36 41,984 a------- c:\windows\system32\netfxperf.dll

2009-08-07 09:35 158,720 a------- c:\windows\system32\mscorier.dll

2009-08-07 09:34 83,968 a------- c:\windows\system32\mscories.dll

2009-07-29 21:05 <DIR> --d----- c:\users\rebel\appdata\roaming\TortoiseSVN

2009-07-29 20:44 <DIR> --d----- c:\users\rebel\appdata\roaming\Subversion

2009-07-29 20:43 <DIR> --d----- c:\program files\common files\TortoiseOverlays

2009-07-18 16:13 <DIR> --dsh--- c:\windows\ftpcache

2009-07-15 12:17 289,792 a------- c:\windows\system32\atmfd.dll

2009-07-15 12:17 156,672 a------- c:\windows\system32\t2embed.dll

2009-07-15 12:17 72,704 a------- c:\windows\system32\fontsub.dll

2009-07-15 12:17 10,240 a------- c:\windows\system32\dciman32.dll

2009-07-13 18:09 1,071,616 a------- c:\windows\system32\Rave76VCL120.bpl

2009-07-13 17:36 <DIR> --d----- c:\users\rebel\appdata\roaming\CodeGear

2009-07-13 17:36 <DIR> --d----- c:\programdata\Embarcadero

2009-07-13 17:36 <DIR> --d----- c:\progra~2\Embarcadero

2009-07-13 17:15 <DIR> --d----- c:\programdata\CodeGear

2009-07-13 17:15 <DIR> --d----- c:\progra~2\CodeGear

==================== Find3M ====================

2009-08-07 12:37 2,194 a------- c:\windows\bthservsdp.dat

2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll

2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll

2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe

2008-10-28 04:47 174 a--sh--- c:\program files\desktop.ini

2008-10-28 04:42 86,016 a------- c:\windows\inf\infstor.dat

2008-10-28 04:42 51,200 a------- c:\windows\inf\infpub.dat

2008-10-28 04:42 86,016 a------- c:\windows\inf\infstrng.dat

2008-10-28 04:30 665,600 a------- c:\windows\inf\drvindex.dat

2008-10-25 22:54 56 a---h--- c:\programdata\ezsidmv.dat

2008-10-25 22:54 56 a---h--- c:\progra~2\ezsidmv.dat

2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2008-12-26 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2008-12-26 00:00 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2008-12-26 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 1:14:04.65 ===============

Regards

ililu

//Every log goes only and exclusively between the [log ] and [/log ] tags (without spaces).

//Please stick to this

//jesiona

dawid_c
comment

3. NOTE: Every log goes only and exclusively between the [log ] and [/log ] tags (without spaces).

Fix your post!

Well, you have a bit of junk in there, e.g. this:

PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exe

PRC - [2009/08/08 01:03:52 | 00,359,932 | ---- | M] () -- D:\Download\dds.pif

But someone else will have to write you a script, because I don't have time.

//Use the report function; you are not a person authorised to perform moderator duties

//Why do you give only an example? If you are checking, check all of it

//jesiona

Mateusz J.
comment
PRC - [2009/08/08 01:03:52 | 00,359,932 | ---- | M] () -- D:\Download\dds.pif

That is the DDS program's file.

PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exe

I don't know this file; does the thread author know what file this is? I assume you downloaded it.

ESTABLISHED

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll File not found
O3 - HKU\S-1-5-21-3823102813-93446612-2020005149-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll File not found
:REG
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart.

The logs are generally clean; there was a small infection from a USB stick plus a leftover from free-downloads.net.

As for the netstat output, I have no idea.

iLilu
comment (edited)

Thank you for fixing the post.

PRC - [2009/08/08 00:38:34 | 00,287,744 | ---- | M] () -- D:\Download\untd0hw9.exe

I don't know this file; does the thread author know what file this is? I assume you downloaded it.

That's right, it is the Gmer program's file, and its logs are below:

Log to check
GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.net

Rootkit quick scan 2009-08-08 01:01:19

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DE7C9BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DE7C958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DE7C96C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DE7C9FC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DE7CA3F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DE7C930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DE7C944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DE7C9D2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DE7CA67]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DE7CA53]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DE7C9AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DE7C996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DE7CA2B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DE7CA12]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DE7C9E8]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DE7C982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851501F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\fastfat \Fat 863851F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Log to check
GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.net

Rootkit scan 2009-08-08 09:16:25

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

INT 0x52 ? 85E3CBF8

INT 0x72 ? 85E3CBF8

INT 0x72 ? 85E3CBF8

INT 0x72 ? 85E3CBF8

INT 0x92 ? 8514BBF8

INT 0xA2 ? 8514BBF8

INT 0xB2 ? 85E3CBF8

INT 0xB3 ? 85E3CBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8DE7C9BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8DE7C958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8DE7C96C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8DE7C9FC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8DE7CA3F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8DE7C930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8DE7C944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8DE7C9D2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8DE7CA67]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8DE7CA53]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8DE7C9AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8DE7C996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8DE7CA2B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8DE7CA12]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8DE7C9E8]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8DE7C982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E7318C 5 Bytes JMP 8DE7C9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8200D17C 5 Bytes JMP 8DE7CA43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateUserProcess 82014DCA 5 Bytes JMP 8DE7C986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 8202EF80 5 Bytes JMP 8DE7CA2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 8204E1CA 5 Bytes JMP 8DE7C948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 8205DB06 5 Bytes JMP 8DE7C934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 8207071E 7 Bytes JMP 8DE7CA00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82070D75 5 Bytes JMP 8DE7CA16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 82072F86 5 Bytes JMP 8DE7C9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 82080644 5 Bytes JMP 8DE7C99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8208289E 7 Bytes JMP 8DE7C9D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 820A1402 5 Bytes JMP 8DE7CA57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 820A244E 5 Bytes JMP 8DE7CA6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 820E0171 5 Bytes JMP 8DE7C95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 820E01BC 7 Bytes JMP 8DE7C970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 820E0C7B 5 Bytes JMP 8DE7C9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

? System32\Drivers\spwv.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 8D57A46F 5 Bytes JMP 85E3C1D8

.text ao3y3kvr.SYS 8E33C000 22 Bytes [26, 02, E2, 81, 10, 01, E2, ...]

.text ao3y3kvr.SYS 8E33C017 145 Bytes [00, 32, 77, 79, 80, 3D, 75, ...]

.text ao3y3kvr.SYS 8E33C0A9 35 Bytes JMP 781B612F

.text ao3y3kvr.SYS 8E33C0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]

.text ao3y3kvr.SYS 8E33C0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]

.text ...

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[340] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[340] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00090F52

.text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00090098

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000900BD

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00090F26

.text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00090F9C

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00090FD4

.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00090FB9

.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0009005B

.text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00090087

.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00090076

.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00090040

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00090F77

.text C:\Windows\system32\services.exe[688] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000900CE

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00090FE5

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 0009000A

.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 0009001B

.text C:\Windows\system32\services.exe[688] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00090F41

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00080039

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00080FA8

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00080FEF

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00080F97

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00080F86

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 0008000A

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00080FD4

.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00080FC3

.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B90FC8

.text C:\Windows\system32\services.exe[688] msvcrt.dll!system 77318B63 5 Bytes JMP 00B90FD9

.text C:\Windows\system32\services.exe[688] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B9002E

.text C:\Windows\system32\services.exe[688] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B90000

.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B90049

.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B9001D

.text C:\Windows\system32\services.exe[688] WS2_32.dll!socket 76E236D1 5 Bytes JMP 0023000A

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001E00A2

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 001E0091

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 001E0F26

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001E0F37

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001E0F7A

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 001E0FCA

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 001E0F8B

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 001E0FA8

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001E006F

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 001E004A

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 001E0FB9

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001E0080

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 001E00D8

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 001E000A

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 001E0FEF

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 001E001B

.text C:\Windows\system32\lsass.exe[704] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001E00B3

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001D0F8D

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001D0FB9

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001D0FEF

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001D0F9E

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001D0040

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001D0014

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001D0FDE

.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001D0025

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 0085003F

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!system 77318B63 5 Bytes JMP 00850FBE

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0085001D

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00850000

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 0085002E

.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00850FE3

.text C:\Windows\system32\lsass.exe[704] WS2_32.dll!socket 76E236D1 5 Bytes JMP 001F0FEF

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00100F54

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 0010009A

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00100F2F

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001000D0

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00100067

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00100F9E

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 0010004A

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00100014

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00100078

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 0010002F

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00100F8D

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00100089

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00100F14

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00100FCA

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00100FEF

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00100FB9

.text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001000BF

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 0013006E

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 77318B63 5 Bytes JMP 00130049

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0013002E

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 0013000C

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00130FD9

.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 0013001D

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 000F0F79

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 000F0025

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 000F0FE5

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 000F0F9E

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 000F0F68

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 000F0FD4

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 000F000A

.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 000F0FB9

.text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00120000

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001C00D5

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 001C00C4

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 001C0F34

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 001C0F59

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001C007D

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 001C002F

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 001C006C

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 001C0FAF

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001C0098

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 001C005B

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 001C0040

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001C00A9

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 001C0F23

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 001C000A

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 001C0FEF

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 001C0FD4

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001C0F6A

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00730047

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 77318B63 5 Bytes JMP 00730036

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00730FC6

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00730FE3

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 0073001B

.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00730000

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001B0F8A

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001B0022

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001B0000

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001B0F9B

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001B0051

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001B0011

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001B0FE5

.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001B0FB6

.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00720000

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 001800DA

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00180F9E

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00180117

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00180106

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 001800A7

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00180FDE

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00180080

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00180FC3

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 001800B8

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00180065

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0018004A

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 001800C9

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00180F6F

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00180025

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 0018000A

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00180FEF

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 001800EB

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 001A0042

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!system 77318B63 5 Bytes JMP 001A0031

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 001A0FC1

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 001A0FEF

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 001A0016

.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 001A0FD2

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00170FCA

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00170FE5

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 0017000A

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 0017006C

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00170091

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00170036

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00170025

.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00170051

.text C:\Windows\System32\svchost.exe[968] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00190000

.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenA 775A03ED 5 Bytes JMP 00FA0FEF

.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 00FA0FD4

.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenW 775A2A68 5 Bytes JMP 00FA000A

.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 00FA0FC3

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00FE0F4B

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00FE0F66

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00FE0F3A

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00FE00D1

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00FE0F9C

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00FE0036

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00FE0FAD

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00FE0FCA

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00FE0F8B

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00FE0076

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00FE005B

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00FE0091

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00FE0F15

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00FE000A

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00FE0FEF

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00FE0025

.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00FE00B6

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 01E40FC3

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!system 77318B63 5 Bytes JMP 01E4004E

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 01E40FDE

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 01E40FEF

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 01E40033

.text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 01E40018

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00FC0F9E

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00FC0040

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00FC000A

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00FC0FB9

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00FC0F83

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00FC0FEF

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00FC001B

.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00FC0FD4

.text C:\Windows\System32\svchost.exe[1076] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00FF000A

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A500A5

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A50F55

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A500EC

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A500D1

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A5006C

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A5002C

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A50F9E

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A50051

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A50F81

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A50FAF

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A50FCA

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A50F70

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A50F30

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A50FE5

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A50000

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A5001B

.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A500C0

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B70051

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 77318B63 5 Bytes JMP 00B70036

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B70FC6

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B70000

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B7001B

.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B70FE3

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00A40F8A

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00A40FA5

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00A40FEF

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00A4002C

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00A40047

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00A4000A

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00A40FD4

.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00A4001B

.text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00A60000

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 008D00BA

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 008D00A9

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 008D0115

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 008D00FA

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 008D0084

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 008D0025

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 008D0073

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 008D0047

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 008D0F8F

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 008D0062

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 008D0036

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 008D0F7E

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 008D0F63

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 008D0014

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 008D0FEF

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 008D0FDE

.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 008D00D5

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00B40FA8

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!system 77318B63 5 Bytes JMP 00B40FB9

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00B40018

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00B40FEF

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00B40033

.text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00B40FDE

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00870040

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00870025

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00870FEF

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00870FA8

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00870F79

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00870FC3

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00870FD4

.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00870014

.text C:\Windows\system32\svchost.exe[1148] WS2_32.dll!socket 76E236D1 5 Bytes JMP 008E0000

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A300A9

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A30098

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A300D5

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A30F3E

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A30FA3

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A30051

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A3007D

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A30FE5

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A30F88

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A30FC0

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A30062

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A30F77

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A30F23

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A3001B

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A3000A

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A30036

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A300BA

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00A50064

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!system 77318B63 5 Bytes JMP 00A50FD9

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00A5002E

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00A50000

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00A50049

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00A5001D

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00690051

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00690040

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00690FEF

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00690FB9

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00690F94

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00690FDE

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 0069000A

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0069002F

.text C:\Windows\system32\svchost.exe[1292] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00A40FEF

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenA 775A03ED 5 Bytes JMP 00A60000

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 00A60FD4

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenW 775A2A68 5 Bytes JMP 00A60FE5

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 00A60FC3

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 008200D5

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00820F99

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 008200F0

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00820F59

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00820FB4

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00820047

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00820FDB

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0082007D

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 008200A9

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00820098

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 0082006C

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 008200C4

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00820101

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 0082001B

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00820000

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00820036

.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00820F74

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00840053

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!system 77318B63 5 Bytes JMP 00840FC8

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0084001D

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00840FE3

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00840038

.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00840000

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 001B0FA1

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 001B001E

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 001B0FEF

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 001B0039

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 001B0F90

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 001B0FCD

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 001B0FDE

.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 001B0FBC

.text C:\Windows\system32\svchost.exe[1404] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00830FEF

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00A90F6B

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00A90F7C

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00A90F5A

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00A900F1

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00A90093

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00A90036

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00A90FAF

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00A90062

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00A90F9E

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00A90FC0

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00A90051

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00A90F8D

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00A90F49

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00A90014

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00A90FEF

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00A90025

.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00A900CC

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00AB0031

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!system 77318B63 5 Bytes JMP 00AB0FA6

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00AB0FC1

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00AB0FEF

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00AB000C

.text C:\Windows\system32\svchost.exe[1612] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00AB0FDE

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00A70FA1

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00A70FC3

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00A70FEF

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00A70FB2

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00A7005E

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00A7002F

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00A7000A

.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00A70FDE

.text C:\Windows\system32\svchost.exe[1612] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00AA0FEF

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000A006C

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 000A0F30

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000A00B3

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000A00A2

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 000A0F77

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 000A0FC3

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 000A0F88

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 000A0040

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 000A0F5C

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 000A0051

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 000A002F

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 000A0F41

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000A00CE

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 000A0FEF

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 000A0000

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 000A0FDE

.text C:\Windows\system32\svchost.exe[1856] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 000A0091

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000D0FA8

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!system 77318B63 5 Bytes JMP 000D003D

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000D0018

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000D0FEF

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000D0FCD

.text C:\Windows\system32\svchost.exe[1856] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000D0FDE

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00090F61

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00090F8D

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00090FEF

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00090F7C

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00090028

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00090FB9

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00090FD4

.text C:\Windows\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00090FA8

.text C:\Windows\system32\svchost.exe[1856] WS2_32.dll!socket 76E236D1 5 Bytes JMP 000B0FEF

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00950F48

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00950F63

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 009500CB

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 009500BA

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 0095007D

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00950FC0

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00950FA5

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00950047

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00950F7E

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00950062

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00950036

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 0095008E

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00950F19

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00950011

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00950000

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00950FDB

.text C:\Windows\system32\svchost.exe[2412] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 009500A9

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00970042

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!system 77318B63 5 Bytes JMP 00970031

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 0097000C

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00970FEF

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00970FB7

.text C:\Windows\system32\svchost.exe[2412] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00970FDE

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00940036

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00940FA5

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00940FEF

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00940F94

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00940047

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00940011

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00940000

.text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00940FB6

.text C:\Windows\system32\svchost.exe[2412] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00960FEF

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 009A008E

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 009A0F48

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 009A0F12

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 009A00B3

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 009A0F6A

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 009A0011

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 009A004E

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 009A0F91

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 009A0069

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 009A003D

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 009A0022

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 009A0F59

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 009A0F01

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 009A0FE5

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 009A0000

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 009A0FC0

.text C:\Windows\system32\svchost.exe[2484] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 009A0F2D

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 009C005D

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!system 77318B63 5 Bytes JMP 009C004C

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 009C001D

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 009C0000

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 009C0FD2

.text C:\Windows\system32\svchost.exe[2484] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 009C0FE3

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00880F7C

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00880F9E

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00880FE5

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00880F8D

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00880F6B

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00880FD4

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00880000

.text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00880FB9

.text C:\Windows\system32\svchost.exe[2484] WS2_32.dll!socket 76E236D1 5 Bytes JMP 009B0FE5

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000A0098

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 000A0087

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000A0F0B

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000A0F1C

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 000A0F66

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 000A001B

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 000A0F77

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 000A002C

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 000A005B

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 000A0F94

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 000A0FA5

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 000A0076

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000A00BD

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 000A0FDE

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 000A0FEF

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 000A000A

.text C:\Windows\System32\svchost.exe[2684] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 000A0F37

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000B0F9C

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!system 77318B63 5 Bytes JMP 000B0FAD

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000B0027

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000B0FEF

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000B0FD2

.text C:\Windows\System32\svchost.exe[2684] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000B000C

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00090FA8

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00090FC3

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00090FEF

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 0009004A

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00090F8D

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 0009000A

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00090FD4

.text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0009002F

.text C:\Windows\System32\svchost.exe[2684] WS2_32.dll!socket 76E236D1 5 Bytes JMP 00160FEF

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 0001008E

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00010F48

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00010F1C

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 000100B3

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F63

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010FCA

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010047

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00010036

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010058

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00010F8A

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010FAF

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00010069

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000100C4

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010000

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010011

.text C:\Windows\Explorer.EXE[3192] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010F2D

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00050F83

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00050FAF

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00050FEF

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00050F94

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 00050040

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00050FCA

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 00050000

.text C:\Windows\Explorer.EXE[3192] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 0005001B

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000A0036

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!system 77318B63 5 Bytes JMP 000A0FA1

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000A0FCD

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000A0FEF

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000A0FBC

.text C:\Windows\Explorer.EXE[3192] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000A0FDE

.text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenA 775A03ED 5 Bytes JMP 01800FE5

.text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenUrlA 775A20B3 5 Bytes JMP 01800FB9

.text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenW 775A2A68 5 Bytes JMP 01800FCA

.text C:\Windows\Explorer.EXE[3192] WININET.dll!InternetOpenUrlW 775EB131 5 Bytes JMP 0180000A

.text C:\Windows\Explorer.EXE[3192] WS2_32.dll!socket 76E236D1 5 Bytes JMP 01820000

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 000100B6

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 0001009B

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 000100DB

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00010F44

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F81

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010040

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010F9E

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 0001005B

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010076

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 00010FAF

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010FD4

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 00010F70

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 000100EC

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010014

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010025

.text C:\Windows\system32\svchost.exe[5316] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010F5F

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 00050FC3

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!system 77318B63 5 Bytes JMP 00050FDE

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 00050029

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 00050FEF

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 00050044

.text C:\Windows\system32\svchost.exe[5316] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 00050018

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 00060F8D

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 00060FA8

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 00060FE5

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 00060039

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 0006004A

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 00060FD4

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 0006000A

.text C:\Windows\system32\svchost.exe[5316] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 00060FB9

.text C:\Windows\system32\svchost.exe[5316] WS2_32.dll!socket 76E236D1 5 Bytes JMP 000B000A

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetStartupInfoW 76AB1929 5 Bytes JMP 00010F15

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetStartupInfoA 76AB19C9 5 Bytes JMP 00010F3A

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateProcessW 76AB1C01 5 Bytes JMP 00010EDF

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateProcessA 76AB1C36 5 Bytes JMP 00010EFA

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!VirtualProtect 76AB1DD1 5 Bytes JMP 00010F66

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateNamedPipeW 76AB5C44 5 Bytes JMP 00010FA8

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryExW 76AD30C3 5 Bytes JMP 00010040

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryW 76AD361F 5 Bytes JMP 00010014

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!VirtualProtectEx 76AD8D7E 5 Bytes JMP 00010F4B

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryExA 76AD9469 5 Bytes JMP 0001002F

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!LoadLibraryA 76AD9491 5 Bytes JMP 00010F83

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreatePipe 76AE0284 5 Bytes JMP 0001005B

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!GetProcAddress 76AFB8B6 5 Bytes JMP 00010091

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateFileW 76AFCC4E 5 Bytes JMP 00010FD4

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateFileA 76AFCF71 5 Bytes JMP 00010FEF

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!CreateNamedPipeA 76B4430E 5 Bytes JMP 00010FB9

.text C:\Windows\system32\wuauclt.exe[5756] kernel32.dll!WinExec 76B454FF 5 Bytes JMP 00010076

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wsystem 77318A47 5 Bytes JMP 000A004E

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!system 77318B63 5 Bytes JMP 000A0033

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_creat 7731C6F1 5 Bytes JMP 000A0022

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_open 7731DA7E 5 Bytes JMP 000A0000

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wcreat 7731DC9E 5 Bytes JMP 000A0FCD

.text C:\Windows\system32\wuauclt.exe[5756] msvcrt.dll!_wopen 7731DE79 5 Bytes JMP 000A0011

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyExA 75EEB5E7 5 Bytes JMP 000B005B

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyA 75EEB8AE 5 Bytes JMP 000B0FCA

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyA 75EF0BF5 5 Bytes JMP 000B0FEF

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyW 75EFB83D 5 Bytes JMP 000B0FAF

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegCreateKeyExW 75EFBCE1 5 Bytes JMP 000B006C

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyExA 75EFD4E8 5 Bytes JMP 000B001B

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyW 75F03CB0 5 Bytes JMP 000B000A

.text C:\Windows\system32\wuauclt.exe[5756] ADVAPI32.dll!RegOpenKeyExW 75F0F09D 5 Bytes JMP 000B0036

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069E048] \SystemRoot\System32\Drivers\spwv.sys

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortNotification] CC000CC2

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [8D5750FC] \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortMoveMemory] 00012284

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0

IAT \SystemRoot\System32\Drivers\ao3y3kvr.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851501F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\fastfat \FatCdrom 863851F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8514D1F8

Device \Driver\usbuhci \Device\USBPDO-0 85DE11F8

Device \Driver\usbuhci \Device\USBPDO-1 85DE11F8

Device \Driver\usbuhci \Device\USBPDO-2 85DE11F8

Device \Driver\usbuhci \Device\USBPDO-3 85DE11F8

Device \Driver\usbehci \Device\USBPDO-4 85E0C1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{D3513FE2-DCBB-4795-BCD3-D0248C5616DF} 8628E500

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\volmgr \Device\HarddiskVolume1 8514D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85EF61F8

Device \Driver\volmgr \Device\HarddiskVolume2 8514D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume3 8514D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 85EF61F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8514F1F8

Device \Driver\atapi \Device\Ide\IdePort0 8514F1F8

Device \Driver\atapi \Device\Ide\IdePort1 8514F1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8514F1F8

Device \Driver\volmgr \Device\HarddiskVolume4 8514D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 85EF61F8

Device \Driver\volmgr \Device\HarddiskVolume5 8514D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom3 85EF61F8

Device \Driver\BTHUSB \Device\00000069 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000069 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBt_Wins_Export 8628E500

Device \Driver\Smb \Device\NetbiosSmb 8628B1F8

Device \Driver\PCI_PNP1214 \Device\0000004e spwv.sys

Device \Driver\iScsiPrt \Device\RaidPort0 85E071F8

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 85DE11F8

Device \FileSystem\fastfat \Fat 863851F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\cdfs \Cdfs 84ACF500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3@001620a75b1e 0x4E 0x78 0x2E 0x16 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0x36 0xFC 0x5B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x92 0xCD 0x8B 0x8F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x7D 0xA5 0xBA ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x01 0x33 0xB9 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x0E 0xED 0x45 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x18 0x95 0x33 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3@001620a75b1e 0x4E 0x78 0x2E 0x16 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0x36 0xFC 0x5B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x92 0xCD 0x8B 0x8F ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x7D 0xA5 0xBA ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x01 0x33 0xB9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5E 0x0E 0xED 0x45 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x66 0x18 0x95 0x33 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3823102813-93446612-2020005149-1000@RefCount 4

---- EOF - GMER 1.0.15 ----

Log for review
GMER 1.0.15.15020 [untd0hw9.exe] - http://www.gmer.net

Rootkit scan 2009-08-08 09:25:41

Windows 6.0.6001 Service Pack 1

---- Services - GMER 1.0.15 ----

Service .NET CLR Data

Service .NET CLR Networking

Service .NET Data Provider for Oracle

Service .NET Data Provider for SqlServer

Service .NETFramework

Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI

Service C:\Windows\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService

Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx

Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci

Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m

Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320

Service adsi

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc

Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD

Service C:\Windows\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem

Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440

Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx

Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG

Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide

Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp

Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide

Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7

Service C:\Windows\system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK8

Service C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] Apache2.2

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppMgmt

Service D:\Sun\SDK\lib\appservService.exe [AUTO] AppServer9PE

Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc

Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas

Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac

Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi

Service C:\Windows\System32\Drivers\ATSwpWDF.sys ( AuthenTec Swipe Sensor WDF USB Driver/AuthenTec, Inc.) [MANUAL] ATSwpWDF

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv

Service (Battery Class Driver/Microsoft Corporation) BattC

Service C:\Windows\system32\DRIVERS\bcmwl6.sys (BCM 802.11g Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XV

Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS

Service system32\drivers\blbdrive.sys [DISABLED] blbdrive

Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service

Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser

Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo

Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser

Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid

Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm

Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm

Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer

Service C:\Windows\system32\DRIVERS\BthEnum.sys (Bluetooth Bus Extender/Microsoft Corporation) [MANUAL] BthEnum

Service C:\Windows\system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM

Service C:\Windows\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan

Service C:\Windows\System32\Drivers\BTHport.sys (Bluetooth Bus Driver/Microsoft Corporation) [MANUAL] BTHPORT

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BthServ

Service C:\Windows\System32\Drivers\BTHUSB.sys (Bluetooth Miniport Driver/Microsoft Corporation) [MANUAL] BTHUSB

Service BTKRNL

Service C:\Windows\system32\drivers\btwaudio.sys (Bluetooth Audio Device/Broadcom Corporation.) [MANUAL] btwaudio

Service C:\Windows\system32\drivers\btwavdt.sys (Broadcom Bluetooth AVDT Service/Broadcom Corporation.) [MANUAL] btwavdt

Service C:\Windows\system32\DRIVERS\btwrchid.sys (Bluetooth Remote Control HID Minidriver/Broadcom Corporation.) [MANUAL] btwrchid

Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs

Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc

Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass

Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS

Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32

Service C:\Windows\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt

Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide

Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt

Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp

Service C:\Users\rebel\AppData\Local\Temp\cportclm.sys [MANUAL] cportclm

Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk

Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe

Service crypt32

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc

Service C:\Windows\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [DISABLED] CSC

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] CscService

Service DCLocator

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch

Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC

Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp

Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS

Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud

Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl

Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost

Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache

Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr

Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart

Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor

Service EmdCache

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt

Service ESENT

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem

Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat

Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat

Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax

Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub

Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo

Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace

Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk

Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr

Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0

Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec

Service C:\Windows\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol

Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc

Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc

Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService

Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus

Service C:\Windows\system32\DRIVERS\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth

Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv

Service C:\Windows\system32\drivers\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidUsb

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc

Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs

Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP

Service C:\Windows\system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp

Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt

Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] ialm

Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV

Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc

Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT

Service inetaccs

Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide

Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum

Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc

Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\Windows\system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV

Service C:\Windows\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT

Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM

Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp

Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt

Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi

Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid

Service D:\JRun4\bin\jrunsvc.exe (JRun Service Controller/Macromedia Inc.) [AUTO] JRun Admin

Service D:\JRun4\bin\jrunsvc.exe (JRun Service Controller/Macromedia Inc.) [AUTO] JRun Default

Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass

Service C:\Windows\system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid

Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso

Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation

Service ldap

Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts

Service Lsa

Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC

Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS

Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI

Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv

Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [AUTO] McAfee SiteAdvisor Service

Service C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) [AUTO] mcmscsvc

Service c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) [AUTO] McNASvc

Service C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee VirusScan - On Demand Scan/McAfee, Inc.) [MANUAL] McODS

Service c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) [AUTO] McProxy

Service C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) [AUTO] McShield

Service C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) [MANUAL] McSysmon

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc

Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] megasas

Service C:\Windows\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk

Service C:\Windows\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk

Service C:\Windows\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) [SYSTEM] mfehidk

Service C:\Windows\system32\drivers\mferkdk.sys (VSCore Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdk

Service C:\Windows\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) [MANUAL] mfesmfk

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS

Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem

Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor

Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass

Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid

Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr

Service C:\Windows\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) [SYSTEM] MPFP

Service C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service/McAfee, Inc.) [AUTO] MpfService

Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio

Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc

Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x

Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV

Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb

Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10

Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20

Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci

Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm

Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC

Service MSDTC Bridge 3.0.0.0

Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs

Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI

Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver

Service C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Anti-Spam Server/McAfee, Inc.) [AUTO] MSK80Service

Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV

Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK

Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM

Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC

Service MSSCNTRS

Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios

Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE

Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup

Service C:\Program Files\Mcafee\MWL\MwlSvc.exe (McAfee Wireless Network Security Service/McAfee, Inc.) [MANUAL] MWLSvc

Service C:\MySQL5.1\bin\mysqld-nt.exe [AUTO] MySQL

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent

Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP

Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS

Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi

Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio

Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan

Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy

Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS

Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt

Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm

Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing

Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc

Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi

Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy

Service NTDS

Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs

Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi

Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null

Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce RAID Driver/NVIDIA Corporation) [DISABLED] nvraid

Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor

Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp

Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc

Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport

Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr

Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc

Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci

Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] pciide

Service C:\Windows\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [BOOT] pcmcia

Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent

Service PortProxy

Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport

Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc

Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage

Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched

Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300

Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE

Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv

Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto

Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan

Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe

Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp

Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss

Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD

Service RDPDD

Service C:\Windows\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr

Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD

Service RDPNP

Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry

Service C:\Windows\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM

Service C:\Windows\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [MANUAL] rimmptsk

Service C:\Windows\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk

Service C:\Windows\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [AUTO] rismxdp

Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs

Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr

Service C:\Windows\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp

Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs

Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc

Service C:\Windows\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC

Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS

Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum

Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial

Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelService 3.0.0.0

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv

Service C:\Windows\system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk

Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc

Service C:\Windows\system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd

Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SharedAccess

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection

Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp

Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [DISABLED] SiSRaid2

Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4

Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify

Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb

Service SMSvcHost 3.0.0.0

Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP

Service C:\Windows\system32\DRIVERS\snp2sxp.sys [MANUAL] SNP2STD

Service (loader for security processor/Microsoft Corporation) [BOOT] spldr

Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler

Service C:\Windows\System32\Drivers\sptd.sys [BOOT] sptd

Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv

Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2

Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc

Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv

Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx

Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi

Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3

Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS

Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [SYSTEM] Tcpip

Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6

Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg

Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE

Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP

Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx

Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER

Service D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (Service Runner/Apache Software Foundation) [AUTO] Tomcat6

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks

Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller

Service TSDDD

Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv

Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp

Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel

Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35

Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs

Service UGatherer

Service UGTHRSVC

Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect

Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx

Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci

Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata

Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2

Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] UmRdpService

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost

Service usb

Service C:\Windows\system32\drivers\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [DISABLED] usbccgp

Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir

Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci

Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub

Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbohci

Service C:\Windows\system32\drivers\usbprint.sys (USB Printer driver/Microsoft Corporation) [DISABLED] usbprint

Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR

Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms

Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds

Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga

Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave

Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp

Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7

Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide

Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr

Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx

Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap

Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR X86-32/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid

Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time

Service W3SVC

Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen

Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp

Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6

Service C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE/Microsoft Corporation) [MANUAL] wbengine

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService

Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd

Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend

Service Windows Workflow Foundation 3.0.0.0

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM

Service [MANUAL] Winsock

Service WinSock2

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc

Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi

Service WmiApRpl

Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv

Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum

Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl

Service C:\Windows\system32\DRIVERS\WscNetDr.sys (McAfee Wireless Home Network Security Driver/McAfee, Inc.) [MANUAL] WscNetDr

Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc

Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch

Service WSearchIdxPi

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv

Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc

Service xmlprov

Service {A4159796-DC37-4C4B-92A3-F536F1C733AF}

Service {D3513FE2-DCBB-4795-BCD3-D0248C5616DF}

Service {FFCF2467-DA9A-4549-8F9D-34B00375E377}

---- EOF - GMER 1.0.15 ----

and also the catchme log:

Log to check
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-08 01:26:41

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedea9c3]

"001620a75b1e"=hex:4e,78,2e,16,14,6f,db,b1,bb,a7,82,af,f8,34,ce,27

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:a1,36,fc,5b,52,58,ce,4f,43,ec,20,e5,e8,8d,6f,95,15,0b,07,79,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="d:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000001

"khjeh"=hex:92,cd,8b,8f,de,4e,44,ca,e1,e5,f8,9c,72,43,9f,5b,57,1f,6e,47,7c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,f8,fe,b9,b7,d9,ca,ec,d7,b8,75,ef,1d,3c,75,98,2a,de,..

"khjeh"=hex:65,7d,a5,ba,fd,83,bc,b6,a0,64,92,5a,3a,3f,dd,3b,0c,83,c6,4b,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:81,01,33,b9,1c,72,a3,1e,b5,3f,3c,17,e6,e7,98,11,68,a2,ac,a1,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:5e,0e,ed,45,1b,15,2c,84,22,2a,d5,2e,fa,ff,26,9c,6f,c0,e0,6a,a5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:66,18,95,33,5e,3f,e4,23,e1,f8,c7,c5,65,c5,37,44,2e,2e,b0,55,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedea9c3]

"001620a75b1e"=hex:4e,78,2e,16,14,6f,db,b1,bb,a7,82,af,f8,34,ce,27

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:a1,36,fc,5b,52,58,ce,4f,43,ec,20,e5,e8,8d,6f,95,15,0b,07,79,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="d:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000001

"khjeh"=hex:92,cd,8b,8f,de,4e,44,ca,e1,e5,f8,9c,72,43,9f,5b,57,1f,6e,47,7c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,f8,fe,b9,b7,d9,ca,ec,d7,b8,75,ef,1d,3c,75,98,2a,de,..

"khjeh"=hex:65,7d,a5,ba,fd,83,bc,b6,a0,64,92,5a,3a,3f,dd,3b,0c,83,c6,4b,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:81,01,33,b9,1c,72,a3,1e,b5,3f,3c,17,e6,e7,98,11,68,a2,ac,a1,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:5e,0e,ed,45,1b,15,2c,84,22,2a,d5,2e,fa,ff,26,9c,6f,c0,e0,6a,a5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:66,18,95,33,5e,3f,e4,23,e1,f8,c7,c5,65,c5,37,44,2e,2e,b0,55,e4,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

disk not found C:\

please note that you need administrator rights to perform deep scan

disk not found C:\

please note that you need administrator rights to perform deep scan

Guest
comment
comment

The logs are fine.


iLilu
comment
comment (edited)

After Run Fix nothing happens, the log is empty.

KamilJB, thank you.

jesiona, thank you as well, and a small question: how do you know the infection came from a pendrive? :)

Mateusz J.
comment
comment
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92da55-4632-11de-96e1-0016cedea9c3}]
shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adff5f6-d2d6-11dd-9348-000fb0cac103}]
shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
shell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a60b4aa1-2d07-11de-a864-0016cedea9c3}]
shell\AutoRun\command - I:\Uruchom.EXE

The mountpoints2 entries are created by removable media, i.e. pendrives, mp3 and mp4 players :)
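The triage rule applied in this thread (a root-level autorun.exe on a mounted image is harmless, an executable buried under a RESTORE\S-1-5-21-... folder with both the AutoRun and the open verb pointed at it is not) can be applied mechanically to an OTL mountpoints2 dump. The script below is an added example and is not code from the thread, from OTL or from GMER; the SID-folder and open-verb heuristics, the regular expressions and the function names are my own assumptions, and the sample dump is the three entries quoted above, laid out one item per line.

```python
import re

# Constructed sample: the three mountpoints2 entries quoted in the thread, laid out one
# item per line (the forum had run them together on a single line).
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92da55-4632-11de-96e1-0016cedea9c3}]
shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adff5f6-d2d6-11dd-9348-000fb0cac103}]
shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
shell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a60b4aa1-2d07-11de-a864-0016cedea9c3}]
shell\AutoRun\command - I:\Uruchom.EXE
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VERB_RE = re.compile(r"^(?P<verb>shell\\[^\\]+\\command) - (?P<cmd>.+)$")
# Assumed heuristic: a payload stored under a folder named like a user SID (S-1-5-21-...).
SID_DIR_RE = re.compile(r"\\S-1-5-21-\d+-\d+-\d+-\d+\\", re.IGNORECASE)


def parse_mountpoints(text):
    """Return (guid, verb, command) triples from an OTL-style mountpoints2 dump."""
    entries, guid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key.group("key").rsplit("\\", 1)[-1]   # trailing {GUID} component
            continue
        verb = VERB_RE.match(line)
        if verb and guid:
            entries.append((guid, verb.group("verb"), verb.group("cmd")))
    return entries


def classify(entries):
    """Map each volume GUID to the reasons it looks like autorun malware (empty list = nothing found)."""
    by_guid = {}
    for guid, verb, cmd in entries:
        by_guid.setdefault(guid, {})[verb.lower()] = cmd
    report = {}
    for guid, verbs in by_guid.items():
        reasons = []
        for verb, cmd in verbs.items():
            if SID_DIR_RE.search(cmd):
                reasons.append(f"{verb} runs a file hidden under a SID-named folder: {cmd}")
        # A hijacked shell\open\command makes a plain double-click on the drive run the
        # payload even where AutoRun itself is switched off.
        if "shell\\open\\command" in verbs:
            reasons.append("double-click (shell\\open\\command) redirected to " + verbs["shell\\open\\command"])
        report[guid] = reasons
    return report


def suspicious_guids(text):
    """GUIDs that triggered at least one heuristic, in dump order."""
    report = classify(parse_mountpoints(text))
    return [guid for guid, reasons in report.items() if reasons]


if __name__ == "__main__":
    for guid, reasons in classify(parse_mountpoints(SAMPLE_DUMP)).items():
        print(guid, "SUSPICIOUS" if reasons else "ok")
        for r in reasons:
            print("   -", r)
```

On the thread's dump only the {5adff5f6-...} volume is flagged, which matches the reply above; the J: and I: entries pass because a root-level autorun.exe is what a mounted image normally carries. A clean result from this heuristic is not a clean bill of health: it only encodes the two patterns the thread points at, and the file the command points to should still be checked on the drive itself.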

iLilu
comment
comment
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92da55-4632-11de-96e1-0016cedea9c3}]
shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a60b4aa1-2d07-11de-a864-0016cedea9c3}]
shell\AutoRun\command - I:\Uruchom.EXE

The ones above should be OK, they are just images. This one, however, is suspicious:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adff5f6-d2d6-11dd-9348-000fb0cac103}]
shell\AutoRun\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
shell\open\command - H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

The mountpoints2 entries are created by removable media, i.e. pendrives, mp3 and mp4 players :)

Ahaaa :) How clever :)

Ah.. and netstat -b is better than netstat -a because it shows the program using the connection.

Thank you very much for taking the trouble :)

Best regards,

ililu
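To tie the connections from the first post to processes, netstat -b (or netstat -b -o, which adds the PID column) prints the owning executable in square brackets beneath each connection line. The parser below is an added example, not code from the thread; the sample output is constructed from the thread's connections with invented PIDs and process names (browser.exe, unknown_app.exe), the final connection and its "Can not obtain ownership information" line are added to show what netstat prints when it cannot attribute a socket, and the expected-process and web-port lists are assumptions the reader should adapt.

```python
import re

# Constructed sample in the shape "netstat -b -o" prints on Windows: each connection line
# is followed by the owning executable in square brackets. The connections are the ones
# from the first post; PIDs and process names are invented, and the last connection is
# added to show the line netstat prints when it cannot attribute a socket.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.2.3:49326      p397i-006:19299        ESTABLISHED     1900
 [unknown_app.exe]
  TCP    192.168.2.3:49387      lm-in-f100:http        ESTABLISHED     2244
 [browser.exe]
  TCP    192.168.2.3:49552      lm-in-f102:http        ESTABLISHED     2244
 [browser.exe]
  TCP    192.168.2.3:49554      gv-in-f104:http        ESTABLISHED     2244
 [browser.exe]
  TCP    192.168.2.3:49427      a88-221-115-54:https   ESTABLISHED     2244
 [browser.exe]
  TCP    192.168.2.3:49600      a88-221-115-54:https   ESTABLISHED     4
  Can not obtain ownership information
"""

CONN_RE = re.compile(
    r"^\s*(?P<proto>TCP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


def parse_netstat_b(text):
    """Parse the TCP lines of netstat -b -o output into dicts, attaching the owning exe when shown."""
    conns = []
    for raw in text.splitlines():
        m = CONN_RE.match(raw)
        if m:
            conns.append({**m.groupdict(), "exe": None})
            continue
        line = raw.strip()
        if not conns or conns[-1]["exe"] is not None:
            continue                      # header text, or exe already known
        if line.startswith("[") and line.endswith("]"):
            conns[-1]["exe"] = line[1:-1]
        elif line.startswith("Can not obtain ownership"):
            conns[-1]["exe"] = "<unattributed>"
        # any other line (e.g. a module path netstat -b lists above the exe) is skipped
    return conns


def triage(conns, expected_exes=("browser.exe",), web_ports=("http", "https", "80", "443")):
    """Return (remote, pid, exe, reasons) for connections that deserve a closer look.

    Both defaults are assumptions for this example: expected_exes is what the reader knows
    should be talking to the internet, web_ports is what a browser is expected to use.
    """
    flagged = []
    for c in conns:
        _host, _, port = c["remote"].rpartition(":")
        reasons = []
        if c["exe"] not in expected_exes:
            reasons.append(f"owning process {c['exe']!r} is not on the expected list")
        if port not in web_ports:
            reasons.append(f"remote port {port} is not a web port")
        if reasons:
            flagged.append((c["remote"], int(c["pid"]), c["exe"], reasons))
    return flagged


if __name__ == "__main__":
    for remote, pid, exe, reasons in triage(parse_netstat_b(SAMPLE_NETSTAT)):
        print(f"{remote:24} pid={pid:<6} exe={exe}")
        for r in reasons:
            print("   -", r)
```

Run netstat -b -o from an elevated prompt, since -b needs administrator rights. A familiar process name is not proof of a legitimate process: look up the PID's image path (tasklist or Process Explorer) before trusting it, and treat an unattributed connection as something to explain rather than ignore.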
