#31
Was there anything in the ComboFix log? Also, this is only half; it's too long.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-22 16:11:57
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spiw.sys ZwCreateKey [0xF75840E0]
SSDT spiw.sys ZwEnumerateKey [0xF75A2CA2]
SSDT spiw.sys ZwEnumerateValueKey [0xF75A3030]
SSDT spiw.sys ZwOpenKey [0xF75840C0]
SSDT spiw.sys ZwQueryKey [0xF75A3108]
SSDT spiw.sys ZwQueryValueKey [0xF75A2F88]
SSDT spiw.sys ZwSetValueKey [0xF75A319A]

INT 0x62 ? 86FCEBF8
INT 0x83 ? 863C6BF8
INT 0x94 ? 863C6BF8
INT 0xB4 ? 86F4BBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE6299CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE629978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE62998C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE629A7B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE629AA7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE629A0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE629B41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE629950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE629964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE6299DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE629AE9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE629A91]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEE629B69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEE629B55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE6299B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE6299A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE629A39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE629B2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE629A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE6299F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A6A 7 Bytes JMP EE6299F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP EE6299CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP EE6299A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP EE629A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP EE629A0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP EE629954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP EE6299E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP EE629990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP EE629A3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP EE629AAB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP EE629A7F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP EE62997C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1939 5 Bytes JMP EE629968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E218F 5 Bytes JMP EE629B45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635947 5 Bytes JMP EE6299BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DB2 7 Bytes JMP EE629B2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556D8 7 Bytes JMP EE629AED \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B56 7 Bytes JMP EE629A95 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656049 5 Bytes JMP EE629B59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564B2 5 Bytes JMP EE629B6D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spiw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F4FC38AC 5 Bytes JMP 863C61D8
.text aa7teh8u.SYS F4EFC386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text aa7teh8u.SYS F4EFC3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text aa7teh8u.SYS F4EFC3C4 3 Bytes [ 00, 70, 02 ]
.text aa7teh8u.SYS F4EFC3C9 1 Byte [ 2E ]
.text aa7teh8u.SYS F4EFC3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026D0FEF
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026D006F
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026D0F7A
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026D0F97
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026D0FB2
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026D0FCD
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026D00A5
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026D0F5F
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026D0F16
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026D0F31
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 026D00CA
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 026D0054
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 026D000A
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 026D0080
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 026D002F
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 026D0FDE
.text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 026D0F42
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03990014
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03990062
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03990FC3
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03990FD4
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03990051
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03990FEF
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 03990040
.text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03990025
.text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 039A0FEF
.text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 039A000A
.text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 039A0025
.text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 039A0036
.text C:\WINDOWS\Explorer.EXE[480] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03940000
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00F50
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00F61
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E00F7C
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E00F97
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E0007B
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00F33
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E00F18
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E000B1
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E00F07
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E00FA8
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E00060
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E0001B
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E00096
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FC0
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 1F, 89 ]
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B8007B
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F7C
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80056
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80F8D
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B8008C
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F50
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F15
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B800AE
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B800D3
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B80F9E
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B80F6B
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B8009D
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0F80
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0FA5
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DF, 88 ]
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50F68
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C5005D
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F79
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50082
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50F3C
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50EFD
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50F0E
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C50EEC
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C50F94
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C50F57
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C50F1F
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C80FD4
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C80F94
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C8001B
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C80051
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C80036
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C80FAF
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30093
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30078
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3005B
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30F9E
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F300AE
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30F68
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW + 2 7C802338 3 Bytes [ EB, 72, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F300C9
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F300E4
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F30F79
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F30025
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F30F4B
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F60F8D
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F6004A
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F60F9E
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 16, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F60FAF
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02480000
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02480F63
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02480F7E
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02480058
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02480047
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02480FA5
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02480F41
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02480F52
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02480F15
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02480F26
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 024800C9
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02480036
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02480FE5
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02480073
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02480FC0
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02480011
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024800A4
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 024B0FB6
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 024B0F80
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 024B0011
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 024B0000
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 024B0047
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 024B0FEF
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 024B0FA5
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 6B, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 024B0022
.text C:\WINDOWS\System32\svchost.exe[1360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0249000A
.text C:\WINDOWS\System32\svchost.exe[1360] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\System32\svchost.exe[1360] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 024C0014
.text C:\WINDOWS\System32\svchost.exe[1360] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 024C002F
.text C:\WINDOWS\System32\svchost.exe[1360] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 024C0FDE
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0063005D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F68
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0063004C
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063002F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F21
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F32
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006300BA
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0063009F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00630F06
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00630F8D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00630F43
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00630FB9
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00630084
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 85, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00650051
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1460] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0079004A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790F4B
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00790F5C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790025
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790F8D
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790082
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F30
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007900A4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00790093
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00790EF0
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0079000A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0079005B
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00790F9E
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00790FAF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00790F15
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007C0FC0
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007C0F94
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007C001B
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007C0047
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007C0FA5
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 9C, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007C002C
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F68
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F24
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F41
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EF8
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F09
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0EE7
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0062
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0091
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290F94
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290025
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0029005B
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290040
#32
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD22D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75B5C4C] spiw.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75B5CA0] spiw.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7585040] spiw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F758513C] spiw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75850BE] spiw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75857FC] spiw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75856D2] spiw.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 863C62D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7595048] spiw.sys
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\aa7teh8u.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F341F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \FatCdrom 847BA500
Device \FileSystem\Udfs \UdfsCdRom 86314500
Device \FileSystem\Udfs \UdfsDisk 86314500
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 863C51F8
Device \Driver\sptd \Device\1826621836 spiw.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F4C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F4C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F4C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F4C1F8
Device \Driver\usbuhci \Device\USBPDO-1 863C51F8
Device \Driver\usbuhci \Device\USBPDO-2 863C51F8
Device \Driver\usbuhci \Device\USBPDO-3 863C51F8
Device \Driver\usbehci \Device\USBPDO-4 863771F8
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD01F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee163f5
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x92 0xEA 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x78 0x56 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0xC2 0x69 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC3 0x0C 0xEA 0x55 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cee163f5
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x92 0xEA 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x78 0x56 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0xDB 0x1D 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC3 0x0C 0xEA 0x55 ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----
#33
ComboFix was pretty normal.
I do want to look closer with GMER and then also see the Kaspersky scan. Download the MBR Rootkit Detector to your desktop.
#34
That link for the scanner is broken.
#35
Works OK for me?
#36
Yeah, whenever I click that virus scanner link it says "oops, link appears broken".
#37
Also, when does that log come up? Because I clicked on it and it hasn't come up with one for like 1 hour.
#38
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
#39
Looks fine. Waiting on the Kaspersky log but I doubt it's going to show much, if anything...
#40
I am wondering if it's my CD-ROM drive, because when I have a CD in the drive and try to load CDBurnerXP it doesn't load. But if I take out the CD and then try to load up CDBurnerXP it loads perfectly.