Music starts playing by itself after the computer is turned on


(system) #1

Today, like every morning, I turned on my computer, and a few minutes after startup music started playing out of nowhere. I hadn't launched any player or anything like that... I restarted the computer several times and the music kept playing. What's even stranger is that it isn't music I had on the computer. It seems to me it's some kind of radio, but I'm not sure. The only distinctive sign is the same musical motif that appears at the start of playback. Please help, because I'm terrified by this situation :frowning:


(Lukaszptak) #2

Or maybe it was simply some video or audio embedded on one of the websites you were browsing. You may not even have noticed that one of the pages had an audio clip or even a video.


(niezDarek) #3

Are you on a LAN?

Check the tray to see whether there's some unknown application. It would be good if, just in case, you posted logs to begin with, at least from HijackThis.

hijackthis-rsit-otl-dds-inne-instrukcja-t36654.html


(Ziomek Zemsty) #4

Try this -> go to START -> RUN and type msconfig, then go to the Startup tab. There, check which programs start with the system and possibly uncheck some. Maybe that music will be there too. :?: :?


(system) #5

Well, I did everything that was written here, but the music is still playing. I no longer know what to think about it. I'm afraid I have some virus... But how do I remove it?


(deFco247) #6

Don't be afraid. :slight_smile:

If there are viruses, they will be removed.

Show the logs from OTL

(On Windows Vista, run the program from the Run as Administrator... menu)

and GMER.

In GMER we don't change anything -> press Scan (the scan will take several dozen minutes) -> after the scan, Copy.


(system) #7

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-29 23:01:05

Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF71A0514]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF718F282]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF718F474]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF71A0D00]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF71A0FB8]

SSDT spqp.sys ZwEnumerateKey [0xF72A4CA4]

SSDT spqp.sys ZwEnumerateValueKey [0xF72A5032]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF719F3FA]

SSDT spqp.sys ZwQueryKey [0xF72A510A]

SSDT spqp.sys ZwQueryValueKey [0xF72A4F8A]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF71A1422]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF71A07D8]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF718EF32]

INT 0x62 ? 8636FBF8

INT 0x63 ? 8617DBF8

INT 0x83 ? 863DEBF8

Code 86339500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spqp.sys Nie można odnaleźć określonego pliku. !

.text USBPORT.SYS!DllUnload F6AD462C 5 Bytes JMP 8617D1D8

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----


.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01FD0001

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 77D5E621 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77D602B2 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C70001

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] USER32.dll!SetWindowsHookExW 77D5E621 6 Bytes JMP 5F320F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[1140] USER32.dll!SetWindowsHookExA 77D602B2 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]


(deFco247) #8

Paste your logs on wklej.org or wklej.to, and put the link in your post.