Invader HELP


offline
  • Joined: 21 Aug 2007
  • Posts: 56

Is anyone familiar with this virus/malware, or whatever it is... And does anyone know a way to remove it... It loads itself into processes.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Read the following topic:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

After that, create a log with HijackThis, as described in that topic, and post it here.

offline
  • Joined: 21 Aug 2007
  • Posts: 56

Here is the HijackThis log, but as far as I can see it does not mention Invader anywhere... only Kaspersky detects it.

LOG
Logfile of HijackThis v1.99.1
Scan saved at 00:32:20, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\ncfpsys.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\WINDOWS\system32\ncfpsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://E:\Interface\IntraLaunch.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Rename the folder that contains HijackThis to, say, TR2, rename HijackThis.exe to TR2.exe, and create a new log.
Some infections hide when they see HijackThis among the processes, so the names of the folder and of the file itself must not resemble HijackThis.

Tell me in which file KAV reports this Invader and what the full name of the Invader is.

offline
  • Joined: 21 Aug 2007
  • Posts: 56

Here is the new log... I use Kaspersky Internet Security 7.0, and ever since I installed it, it reports this for every process or any EXE file.

Logfile of HijackThis v1.99.1
Scan saved at 00:46:44, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\ncfpsys.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\tr2\tr2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\WINDOWS\system32\ncfpsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://E:\Interface\IntraLaunch.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Addendum: 07 Sep 2007 1:02

Here is the Kaspersky log... this is only the part about Invader.

detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
detected: riskware Invader Running process: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
detected: riskware Invader Running process: C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
detected: riskware Invader Running process: C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRStateCheck.exe
detected: riskware Invader Running process: C:\Program Files\ABBYY PDF Transformer 2.0\PDFTransformer.exe
detected: riskware Invader Running process: C:\Program Files\OpenVPN\Uninstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\~nsu.tmp\Au_.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns5.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns6.tmp
detected: riskware Invader Running process: D:\Miki\Downloads\Wireless\openvpn-2.0.5-gui-1.0.3-install.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns9.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsC.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Program Files\YuRecnik\YuRecnik.exe
detected: riskware Invader Running process: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
deleted: virus Worm.Win32.Delf.ca File: G:\antihost.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsq9.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsq9.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\nsE.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\nsF.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns15.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns16.tmp
detected: riskware Invader Running process: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10MT1.EXE
detected: riskware Invader Running process: C:\Program Files\WinZip\WINZIP32.EXE
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsk349.tmp\ns34A.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsk349.tmp\ns34B.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns34E.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns34F.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns350.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns351.tmp
detected: riskware Invader Running process: C:\Program Files\OpenVPN\bin\tapinstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns354.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns355.tmp
detected: riskware Invader Running process: C:\Program Files\MSN Messenger\msnmsgr.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\userinit.exe
detected: riskware Invader Running process: C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXEnum.exe
detected: riskware Invader Running process: C:\Program Files\mIRC\mirc.exe
detected: riskware Invader Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nss4.tmp\ns5.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nss4.tmp\ns6.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns9.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsC.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\My Documents\My Completed Downloads\setup.exe
not found: adware not-a-virus:AdWare.Win32.BHO.db File: C:\DOCUME~1\PC\LOCALS~1\Temp\ofb installer.$$A
detected: riskware Invader Running process: C:\Documents and Settings\PC\Desktop\Razno\password-protect-usb\password-protect-usb.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\is-OQQEP.tmp\is-ILH23.tmp
detected: riskware Invader Running process: C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
detected: riskware Invader Running process: C:\Program Files\DAP\DAP.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Kaspersky reports 'riskware Invader' when one process tries to inject itself into another.
That does not necessarily mean the computer is infected, since there are also plenty of legitimate processes that inject themselves.

Give me the following information:
- did you install IIS yourself? That is Microsoft's web server
- do you still have anything from Symantec installed, for example Norton programs?

offline
  • Joined: 21 Aug 2007
  • Posts: 56

I have IIS installed; I tried it once for an FTP server, but I had problems and deleted it, and so on... Before Kaspersky I had Norton AntiVirus 2007, but I removed it with the help of the Norton Removal Tool. And I don't know whether Invader is a virus or not... Some virus lists say it is some virus from 1990...

Regards, write back

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Norton was not uninstalled cleanly.
Download the latest Norton Removal Tool again and try once more to remove it:
http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml

As for Riskware Invader, that is a detection by Proactive Defense in your Kaspersky. It is a heuristic detection that is supposed to let your Kaspersky block the actions of viruses/malware that are not yet in its definitions. That technology is as good as it is bad, since it can be confusing in a great many cases.
Many times we have advised people to turn off Proactive Defense in KAV if they are not well versed in how antivirus programs and malware work.

The HJT log is clean. We will now make one more log with GMER. If nothing questionable shows up there either, I would advise you to turn off Proactive Defense in KAV.

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
In the forum message box, right-click and choose Paste.
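
Added example, not part of the original thread and not a Kaspersky tool: a small triage script for a report like the one posted above. It separates the behavioural 'riskware Invader' hits, which the reply above describes as a heuristic injection detection, from detections that carry a specific malware name, so the named ones are not lost among dozens of Invader lines. The line format is inferred from the posted excerpt; the location buckets and the assumption that Windows is on C: are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky report posted earlier in this thread,
# plus one constructed junk line to show how unparsed input is handled.
SAMPLE_LOG = r"""
detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\OpenVPN\Uninstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns5.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns6.tmp
deleted: virus Worm.Win32.Delf.ca File: G:\antihost.exe
detected: riskware Invader Running process: C:\Program Files\WinZip\WINZIP32.EXE
not found: adware not-a-virus:AdWare.Win32.BHO.db File: C:\DOCUME~1\PC\LOCALS~1\Temp\ofb installer.$$A
detected: riskware Invader Running process: D:\Miki\Downloads\Wireless\openvpn-2.0.5-gui-1.0.3-install.exe
this line is not a report entry
"""

# "<status>: <class> <name> <Running process|File>: <path>"
# (format inferred from the posted log, not from vendor documentation)
LINE_RE = re.compile(
    r"^(?P<status>detected|deleted|not found): "
    r"(?P<cls>\S+) (?P<name>.+?) "
    r"(?P<kind>Running process|File): (?P<path>.+)$"
)


def parse(log_text):
    """Return (entries, skipped): parsed dicts and lines that did not match."""
    entries, skipped = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            skipped.append(line)  # keep for manual review, never drop silently
    return entries, skipped


def location(path):
    """Coarse bucket for where the flagged executable lives (example heuristic)."""
    p = path.lower()
    if "\\temp\\" in p:
        return "temp"            # unpacked installer stubs typically run from here
    if p.startswith("c:\\windows\\"):
        return "windows"         # assumes the system drive is C:, as in the log
    if p.startswith("c:\\program files\\"):
        return "program files"
    return "other"


def triage(entries):
    """Split behavioural Invader hits (grouped by location) from named detections."""
    behavioural = defaultdict(list)
    signature = []
    for entry in entries:
        if entry["name"] == "Invader" and entry["kind"] == "Running process":
            behavioural[location(entry["path"])].append(entry["path"])
        else:
            signature.append(entry)
    return dict(behavioural), signature


if __name__ == "__main__":
    parsed, unparsed = parse(SAMPLE_LOG)
    invader_hits, named = triage(parsed)
    print("Named detections (review these first):")
    for e in named:
        print(f"  [{e['status']}] {e['cls']} {e['name']} -> {e['path']}")
    print("Behavioural 'Invader' hits by location:")
    for bucket, paths in sorted(invader_hits.items()):
        print(f"  {bucket}: {len(paths)}")
    print(f"Unparsed lines: {len(unparsed)}")
```

On the posted log this leaves two named entries, the deleted Worm.Win32.Delf.ca on G: and the 'not found' AdWare.Win32.BHO.db item, while everything else falls into the behavioural group.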

offline
  • Joined: 21 Aug 2007
  • Posts: 56

Here are the GMER results
____________________
GMER 1.0.13.12551 - gmer.net
Rootkit scan 2007-09-07 09:39:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSystemDebugControl
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP F4E47790 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP F4E47C90 \??\C:\WINDOWS\system32\drivers\klif.sys
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\System32\svchost.exe[304] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\svchost.exe[304] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [ 70, 11, 7C, 00 ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\Opera\Opera.exe[1504] advapi32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\Opera\Opera.exe[1504] advapi32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\services.exe[1696] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[1696] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ADVAPI32.DLL!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ADVAPI32.DLL!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\Explorer.EXE[2336] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[2336] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [ F0, 00, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [ 60, 01, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C555 7C9C5920 4 Bytes [ F0, 00, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C651 7C9C5A1C 4 Bytes [ F0, 07, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C66D 7C9C5A38 4 Bytes [ 60, 01, 4A, 01 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFree + 24F 7C9E2B50 4 Bytes [ 50, 0C, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFree + 6B7 7C9E2FB8 4 Bytes [ 10, 0E, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHLoadOLE + 5F 7C9E305C 4 Bytes [ 70, 0B, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!IsNetDrive + CDD 7C9EAD1C 4 Bytes [ 10, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!IsNetDrive + D01 7C9EAD40 4 Bytes [ 10, 0E, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 195 7C9EB96C 4 Bytes [ 10, 07, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 133D 7C9ECB14 4 Bytes [ 90, 0A, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 1355 7C9ECB2C 4 Bytes [ 10, 0E, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 28C5 7C9EE09C 4 Bytes [ 80, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 2921 7C9EE0F8 4 Bytes [ F0, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 460E 7C9F4C7C 4 Bytes [ 60, 08, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 462E 7C9F4C9C 4 Bytes [ C0, 05, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 4666 7C9F4CD4 4 Bytes [ 50, 05, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DllCanUnloadNow + 7F7 7CA01DB0 4 Bytes [ A0, 0D, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHGetMalloc + 340 7CA02324 4 Bytes [ 00, 0B, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ShellExecuteExW + 220A 7CA0F808 4 Bytes [ C0, 0C, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 3A8F 7CA237A0 4 Bytes [ B0, 09, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 417F 7CA23E90 4 Bytes [ 60, 0F, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 4257 7CA23F68 4 Bytes [ 90, 0A, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 42FF 7CA24010 4 Bytes [ 10, 00, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 431F 7CA24030 4 Bytes [ 50, 0C, 43, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!InternalExtractIconListA + 235F 7CA2B8A8 4 Bytes [ A0, 0D, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!InternalExtractIconListA + 241B 7CA2B964 4 Bytes [ 20, 0A, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHGetSetFolderCustomSettingsW + EE6 7CA2C9F4 4 Bytes [ F0, 0E, 43, 7D ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\DAP\DAP.EXE[2828] advapi32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\DAP\DAP.EXE[2828] advapi32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!Nt

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Post the rest in your next message as well, since the complete log could not fit here.
