Možda tražite i:
virus,virusi ili....
mbam i sas nasli viruse dali su to stvarno virusi?
Problem sa pretrazivacima

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa pretraživačima - virusi

Problem sa pretraživačima - virusi

Napisano na dan: 4.10.2007

Problem sa pretraživačima - virusi

Sledeća strana

Pagination

Odgovori

kauboj01 Poslao: 04 Okt 2007 07:06 Idi na vrh
offline kauboj01 Novi MyCity građanin Pridružio: 20 Avg 2006 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 10:43:39 AM, on 9/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\UltraVNC\winvnc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Svenska\Desktop\SMS RADIO\radio.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\HijackThis.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: DTemp.lnk = C:\Program Files\HDD Drive Temperature 1.0RC4\DTemp.exe O4 - Global Startup: UltraVNC Server.lnk = C:\Program Files\UltraVNC\winvnc.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: WinAccestor.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - mediastream.tvoj-inter.net/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf3A7C.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) Desava nam se kada izadjemo preko bilo kog pretrazivaca da nas posalje na neke nezeljene adrese .Znaci kada nam izbaci pronadjeno sto nas interesuje i kada kliknemo na to (u google) baci nas na drugu adresu ili sajt (yatomash,pimash itd.) Nadamo se da je ovaj nas problem resiv. radio-sajkaska@hotmail.com ili radiosajkaska@yahoo.com Hvala unapred za pomoc!

Profil

dr_Bora Poslao: 04 Okt 2007 08:59 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, kauboj01... Za početak pronađi i upakuj u jedan zip sledeće file-ove: C:\Documents and Settings\Svenska\Desktop\SMS RADIO\radio.exe C:\WINDOWS\mf3A7C.dll C:\WINDOWS\System32\ups.exe WinAccestor.exe (za ovim je potrebno izvršiti pretragu po donjem uputstvu) i uploaduj taj zip file preko ovog linka: http://www.mycity.rs/ambulanta-upload.php ------------------------------------------------------------------------------------- Pretraga: idi na Start> Search>For Files or Folders Tu odaberi All files and folders. Na sledecem ekranu klikni na More advanced options i uveri se da su ukljucene sledece opcije: Search system folders Search hidden files and folders Search subfolders Malo vislje, u polju Look in: treba da su prikazane oznake svih lokalnih particija. Sada u skroz gornje polje All or part of the file name unesi sledece: WinAccestor.exe Klikni na dugme Search. Ukoliko file bude pronađen, uploaduj ga zajedno sa ostalima. ------------------------------------------------------------------------------------- Premesti program HijackThis.exe u zaseban folder (npr. napravi na Desktop-u novi folder čiije ime ni na koji način ne upućuje na HijackThis pa ga tamo iskopiraj). Takođe, preimenuj file ''HijackThis.exe'' u ''tr3.exe'', a zatim postavi novi HT log file.

Profil

kauboj01 Poslao: 06 Okt 2007 09:13 Idi na vrh
offline kauboj01 Novi MyCity građanin Pridružio: 20 Avg 2006 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nismo uspesno pronasli sve sto je trazeno jer nema na racunaru.Poslali smo Vam ovo preostalo.

Profil

dr_Bora Poslao: 06 Okt 2007 11:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je za početak da isključimo rezidentne zaštite reg. baze kako ne bi ometale proces čišćenja. Isprati sledeća uputstva: Spybot S&D's Teatimer Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. Spyware Doctor Kliknite na Spyware Doctor ikonicu u System Tray-u. Kliknite na Settings. Pod Pick a Category kliknite na Startup Settings. Destiklirajte Run at Windows startup. Kliknite na Apply i ugasite Spyware Doctor desnim klikom na Spyware Doctor ikonicu u System Tray-u i odabirom opcije Exit. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. ------------------------------------------------------------------------------------- Pokreni HijackThis, skeniraj i štikliraj sledeće linije: R3 - Default URLSearchHook is missing O4 - Global Startup: WinAccestor.exe O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://mediastream.tvoj-inter.net/ampx_en_dl.cab O18 - Filter: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf3A7C.dll zatvori sve prozore Internet Explorer-a a zatim klikni na Fix Checked. ------------------------------------------------------------------------------------- Restartuj kompjuter u Safe Mode po sledećem uputstvu: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html Pronađi i obriši file: C:\WINDOWS\mf3A7C.dll Restartuj kompjuter u Normal Mode. ------------------------------------------------------------------------------------- Preuzmi ComboFix: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira jer ume da se zaglavi ukoliko ga "uznemiravaš". Sledi uputstva na ekranu. Kada završi pojaviće se log koji ćeš nam ovde iskopirati kao i novi HT log.

Profil

kauboj01 Poslao: 07 Okt 2007 12:40 Idi na vrh
offline kauboj01 Novi MyCity građanin Pridružio: 20 Avg 2006 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-10-07.1 - Svenska 2007-10-07 12:18:33.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT 2:00] Running from: C:\Program Files\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Svenska\ravmonlog C:\WINDOWS\system32\MSSbs.sys . ((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 ))))))))))))))))))))))))))))))) . 2007-10-07 12:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-07 12:12 1,519,528 --a------ C:\Program Files\ComboFix.exe 2007-10-05 07:54 <DIR> d--hs---- C:\FOUND.008 2007-10-01 13:01 28,556,584 --a------ C:\Program Files\avg75free_488a1138.exe 2007-09-30 18:21 <DIR> d-------- C:\Program Files\Microsoft VM 2007-09-30 15:46 <DIR> d-------- C:\Program Files\MSN Messenger 2007-09-30 15:20 18,895,728 --a------ C:\Program Files\Install_Messenger.exe 2007-09-30 11:30 <DIR> d-------- C:\Program Files\SpywareGuard 2007-09-30 11:27 2,062,665 --a------ C:\Program Files\spywareguardsetup.exe 2007-09-29 06:25 <DIR> d-------- C:\Program Files\Funnsystems YuMp3Com-User-Authorization 2007-09-27 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-09-27 21:24 7,467,056 --a------ C:\Program Files\spybotsd15.exe 2007-09-27 08:46 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2007-09-27 08:38 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-09-27 08:38 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-09-27 08:38 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-09-26 22:38 2,374,472 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-09-26 22:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-26 22:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-09-26 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-09-26 09:05 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-09-26 09:05 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-09-26 09:05 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2007-09-26 09:05 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-09-26 09:05 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-09-26 09:05 25,944 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-09-26 09:05 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-09-26 09:05 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-09-26 09:04 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2007-09-24 10:13 165,376 --a------ C:\WINDOWS\mf3A7C.dll 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-29 10:43 9951 --a------ C:\Program Files\hijackthis.log 2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-01 14:17 --------- d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth 2007-09-01 14:05 --------- d-------- C:\Program Files\IVT Corporation 2007-08-27 22:14 --------- d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-22 11:58 484869 --a------ C:\Program Files\soundeffect.exe 2007-07-19 07:30 2871168 --a------ C:\Program Files\setuppad.exe 2007-07-19 06:35 4038506 --a------ C:\Program Files\audioextractor.exe 2007-07-16 15:28 17477888 --a------ C:\Program Files\20070715-002-i32.exe 2007-07-12 06:54 7841147 --a------ C:\Program Files\audioeditor.exe 2007-04-16 09:44 641636 --a------ C:\Program Files\MP3Gain.zip 2007-03-17 12:55 1058664 --a------ C:\Program Files\SpeededMeter.rar . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="sm56hlpr.exe" [2004-12-28 23:01 C:\WINDOWS\sm56hlpr.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35] "nwiz"="nwiz.exe" [2005-08-02 16:35 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 16:35] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00] "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 12:32] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 22:22] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2007-07-18 15:44] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 09:37] "ctfmon.exe"="ctfmon.exe" [2001-02-20 13:09 C:\WINDOWS\system32\CTFMON.EXE] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-01 14:05:52] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ConfirmFileDelete"=0 (0x0) "NoDesktopCleanupWizard"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) "NoSharedDocuments"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoResolveTrack"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) "NoInternetIcon"=1 (0x1) "NoSharedDocuments"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoWindowsUpdate"=1 (0x1) "NoResolveTrack"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService LmHosts upnphost SSDPSRV [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{109c5590-f9b1-11db-8d1e-00500435acd7}] Auto\command- AdobeR.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccc454d0-354f-11dc-8d7c-00500435acd7}] Auto\command- tel.xls.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd41de90-d0c4-11db-8cce-00500435acd7}] Auto\command- F:\AdobeR.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2007-10-07 12:29:53 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-07 12:34:29 C:\ComboFix-quarantined-files.txt ... 2007-10-07 12:34 . --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 12:37:54 PM, on 10/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Svenska\Desktop\virush\tr3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: DTemp.lnk = C:\Program Files\HDD Drive Temperature 1.0RC4\DTemp.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{174A80CF-6439-4DBD-90C7-2C542C8E62AE}: NameServer = 194.106.162.2,194.106.162.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

Profil

dr_Bora Poslao: 07 Okt 2007 14:38 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesi li obrisao file: C:\WINDOWS\mf3A7C.dll ? Ukoliko nisi, učini to sada. ------------------------------------------------------------------------------------- U logovima su vidljivi tragovi infekcije koja se prenosi putem USB flash drive-ova, mp3 playera i sl. Kako bi se izvršilo čišćenje HDD-a i pomenutih drive-ova, isprati sledeće uputstvo. Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Skeniraj komp sa GMER-om i postavi log da proverimo da nema nekih rootkitova... Uradi sledeće: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. U polju za pisanje poruke na forumu klikni desno dugme miša i odaberi opciju Paste. ------------------------------------------------------------------------------------- U idućoj poruci, uz Gmer log, napiši i da li i dalje postoje problemi koje si pomenuo pri otvaranju teme.

Profil

kauboj01 Poslao: 11 Okt 2007 14:12 Idi na vrh
offline kauboj01 Novi MyCity građanin Pridružio: 20 Avg 2006 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! MOLIMO TE DA NE OBJAVLJUJES OVU PORUKU NA FORUMU ZBOG PREGLEDA SAMOG RACUNARA IAKO NISTA STRASNO NIJE.RESEN NAM JE PROBLEM SA PRETRAZIVACIMA I EVO SALJEMO TI ONO STO SI TRAZIO. GMER 1.0.13.12551 - gmer.net Rootkit scan 2007-10-11 14:06:38 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT 81A1A418 ZwAlertResumeThread SSDT 81A1B418 ZwAlertThread SSDT 81A116E8 ZwAllocateVirtualMemory SSDT 81AEB430 ZwConnectPort SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey SSDT 81A17418 ZwCreateMutant SSDT 81A12488 ZwCreateThread SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey SSDT 827E3460 ZwFreeVirtualMemory SSDT 81A18418 ZwImpersonateAnonymousToken SSDT 81A19418 ZwImpersonateThread SSDT 82648DD0 ZwMapViewOfSection SSDT 81A16418 ZwOpenEvent SSDT 827E3428 ZwOpenProcessToken SSDT 82118DB8 ZwOpenThreadToken SSDT 827DB468 ZwResumeThread SSDT 827D7718 ZwSetContextThread SSDT 82764520 ZwSetInformationProcess SSDT 827D7750 ZwSetInformationThread SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey SSDT 81A15418 ZwSuspendProcess SSDT 81A1E418 ZwSuspendThread SSDT 827DE468 ZwTerminateProcess SSDT 827D7788 ZwTerminateThread SSDT 827D8420 ZwUnmapViewOfSection SSDT 81A11618 ZwWriteVirtualMemory Code 809B3BFD IoReadTransferCount ---- Kernel code sections - GMER 1.0.13 ---- .text ntoskrnl.exe!_abnormal_termination + 445 804E2AA1 3 Bytes [ E4, A1, 81 ] ? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. ---- User code sections - GMER 1.0.13 ---- .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[268] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[376] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\nvsvc32.exe[420] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\sdhelp.exe[484] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[500] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\csrss.exe[616] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[640] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\services.exe[684] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[684] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[684] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[856] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[916] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wdfmgr.exe[992] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1012] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[1268] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\Explorer.EXE[1324] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[1412] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0E0F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Real\Update_OB\rndal.exe[1508] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1568] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\sm56hlpr.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\sm56hlpr.exe[1728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\sm56hlpr.exe[1728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\sm56hlpr.exe[1728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\sm56hlpr.exe[1728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\sm56hlpr.exe[1728] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1988] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\CTHELPER.EXE[1996] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2028] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\Svenska\LOCALS~1\Temp\Rar$EX01.295\gmer.exe[2224] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wuauclt.exe[2416] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdoctor.exe[2552] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\alg.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[2584] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\WINDOWS\System32\alg.exe[2584] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\WINDOWS\System32\alg.exe[2584] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[2584] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[2584] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2940] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F150F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F110F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\Program Files\WinRAR\WinRAR.exe[3236] GDI32.dll!Escape 77F273BC 6 Bytes JMP 5F0D0F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\WinRAR\WinRAR.exe[3236] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A ---- User IAT/EAT - GMER 1.0.13 ---- IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\sdhelp.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B098] C:\Program Files\Spyware Doctor\sdhelp.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2552] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [004299EC] C:\Program Files\Spyware Doctor\swdoctor.exe ---- Devices - GMER 1.0.13 ---- AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F5B6D180] SYMTDI.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F75DB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F75DB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F75DB454] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F75DB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F75CEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F75CEF4C] fltMgr.sys ---- EOF - GMER 1.0.13 ----

Profil

dr_Bora Poslao: 11 Okt 2007 14:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! kauboj01 ::MOLIMO TE DA NE OBJAVLJUJES OVU PORUKU NA FORUMU ZBOG PREGLEDA SAMOG RACUNARA IAKO NISTA STRASNO NIJE.RESEN NAM JE PROBLEM SA PRETRAZIVACIMA I EVO SALJEMO TI ONO STO SI TRAZIO. Evo, zbunio si me. Pa sam si postavio poruku u ovoj temi. U svakom slučaju, nikakvi lični podaci se ne nalaze u ovom logu, ako se o tome radi. ------------------------------------------------------------------------------------- Ovde je sada sve u redu. Potrebno je još da isključimo System Restore, i da ga nakon restarta ponovo uključimo kako bi uklonili malware koji se možda tamo ''zavukao'': Iskljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Stiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK. Restartuj kompjuter. Ukljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Destiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK. ------------------------------------------------------------------------------------- Time smo završili ovu priču... Pozdrav...

Profil

kauboj01 Poslao: 12 Okt 2007 09:08 Idi na vrh
offline kauboj01 Novi MyCity građanin Pridružio: 20 Avg 2006 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To bi bilo to onda, nastavljamo dalje saradnju cim se nesto ponovo desi.Super je sve odradjeno.HVALA LEPO!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa pretraživačima - virusi

Ko je trenutno na forumu

Ukupno su 822 korisnika na forumu :: 42 registrovanih, 5 sakrivenih i 775 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., antonije64, bankulen, Belac91, bokisha253, Boris BM, Brana01, CikaKURE, darkangel, Dimitrise93, DPera, dushan, galerija, Georgius, ikan, Kaplar2, Karla, Kubovac, laurusri, mercedesamg, milos.cbr, MilosKop, MiroslavD, Oscar, ozzy, pein, procesor, radoznao, RJ, ruger357, sasa87, shone34, Sirius, Srle993, stalja, stegonosa, suton, Tvrtko I, uruk, vathra, zixmix, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by