Zamulony komp

chalk · 12 Kwiecień 2007 11:44

komp mi strasznie zamula strony włączają sie bardzo wolno. załączam loga z combofixa. z góry dzięki za pomoc.

“Blemer” - 07-04-12 13:02:25 Dodatek Service Pack 2 ComboFix 07-03-23 - Running from: “C:\Documents and Settings\Blemer\Pulpit\Nowy folder” ((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 )))))))))))))))))))))))))))))))))) 2007-04-12 12:32 2007-04-12 09:23 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat 2007-04-12 00:03 131,072 --a------ C:\WINDOWS\system32\EraserDemo.dll 2007-04-12 00:03 2007-04-11 23:28 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-04-11 21:52 2007-04-11 21:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-04-11 21:51 249,856 --------- C:\WINDOWS\Setup1.exe 2007-04-09 23:54 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-08 13:47 208,384 --a------ C:\WINDOWS\ADS.exe 2007-04-08 13:45 2007-04-04 23:13 2007-04-01 14:30 2007-03-31 18:28 2007-03-28 17:22 3,870,720 --a------ C:\WINDOWS\system32\qt-mt323.dll 2007-03-28 17:22 2007-03-28 00:20 2007-03-27 11:33 2007-03-27 11:33 2007-03-27 11:16 2007-03-26 12:40 2007-03-26 12:40 2007-03-26 12:39 2007-03-26 11:12 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys 2007-03-26 11:11 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys 2007-03-26 11:11 57,344 --a------ C:\WINDOWS\system32\pavipc.dll 2007-03-26 11:11 45,056 --a------ C:\WINDOWS\system32\avldr.dll 2007-03-26 11:11 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS 2007-03-26 11:11 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys 2007-03-26 11:11 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll 2007-03-26 11:11 242,708 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT 2007-03-26 11:11 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys 2007-03-26 11:11 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys 2007-03-26 11:11 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys 2007-03-26 11:11 16,256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys 2007-03-26 11:11 141,312 --a------ C:\WINDOWS\system32\drivers\netflt.sys 2007-03-26 11:11 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll 2007-03-26 11:11 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys 2007-03-26 11:11 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL 2007-03-26 11:11 2007-03-26 11:10 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys 2007-03-26 11:10 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys 2007-03-26 11:08 2007-03-26 11:08 2007-03-26 10:42 2007-03-25 23:52 2007-03-25 23:52 2007-03-25 23:52 2007-03-25 23:52 2007-03-25 21:13 463,747 —hs---- C:\WINDOWS\system32\sttss.bak1 2007-03-25 17:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 17:33 2007-03-25 00:26 2007-03-24 18:20 2007-03-24 16:04 2007-03-23 23:36 2007-03-23 15:45 2007-03-23 10:59 9,488 --a------ C:\WINDOWS\system32\sporder.dll 2007-03-21 22:19 2007-03-17 15:21 81,920 --a------ C:\WINDOWS\system32\InstallDll.dll 2007-03-17 15:21 45,056 --a------ C:\WINDOWS\system32\Base64.dll 2007-03-17 00:20 2007-03-16 23:08 2007-03-16 16:55 2007-03-16 16:55 2007-03-13 00:08 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-12 12:51 -------- d-------- C:\Program Files\netmeter 2007-04-12 12:44 -------- d-------- C:\Program Files\flashget 2007-04-12 11:20 -------- d-------- C:\Program Files\winamp 2007-04-12 11:16 -------- d-------- C:\Program Files\gadu-gadu 2007-04-11 23:36 -------- d–h----- C:\Program Files\installshield installation information 2007-04-11 15:13 -------- d-------- C:\Program Files\Common Files\onet.pl 2007-04-10 17:56 -------- d-------- C:\Program Files\mapeciĄtka 2007-04-09 23:53 12338 --a------ C:\WINDOWS\mozver.dat 2007-04-09 23:53 10096 --a------ C:\WINDOWS\unins000.dat 2007-04-08 17:16 -------- d-------- C:\Program Files\ffdshow 2007-04-04 22:39 4728 --a------ C:\DOCUME~1\Blemer\DANEAP~1\cabos.plist 2007-04-03 22:56 -------- d-------- C:\Program Files\movie maker 2007-04-03 09:58 2560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-04-01 01:32 -------- d-------- C:\Program Files\media player classic 2007-03-27 12:03 -------- d-------- C:\Program Files\quicktime 2007-03-26 21:06 -------- d-------- C:\Program Files\xnview 2007-03-26 11:19 68334 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-26 11:19 439194 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-24 12:01 -------- d-------- C:\Program Files\irfanview 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-12 23:41 2004 --a------ C:\WINDOWS\system32\tmp.reg 2007-03-11 14:59 737280 --a------ C:\WINDOWS\iun6002.exe 2007-03-10 19:25 -------- d-------- C:\Program Files\Common Files\teleca shared 2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-07 13:15 -------- d-------- C:\Program Files\screamer radio 2007-03-05 23:41 -------- d-------- C:\Program Files\mozilla.org 2007-03-05 00:17 53 --a------ C:\WINDOWS\nsreg2.dat 2007-03-02 12:47 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\fltk.org 2007-02-28 22:48 -------- d-------- C:\Program Files\onet 2007-02-28 22:48 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\kamerzysta 2007-02-28 22:48 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\czat 2007-02-28 22:48 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\autoupdate 2007-02-26 20:38 -------- d-------- C:\Program Files\real alternative 2007-02-26 20:38 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\real 2007-02-25 16:55 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\winrar 2007-02-25 15:04 -------- d-------- C:\Program Files\speedfan 2007-02-25 13:55 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\help 2007-02-24 15:16 -------- d-------- C:\Program Files\lavalys 2007-02-20 12:38 -------- d-------- C:\Program Files\photofiltre 2007-02-17 00:08 -------- d-------- C:\Program Files\xvid 2007-02-16 23:50 -------- d-------- C:\Program Files\divx 2007-02-16 14:52 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\xnview 2007-02-13 14:24 -------- d-------- C:\Program Files\bohemia interactive 2007-02-05 22:19 185856 --a------ C:\WINDOWS\system32\upnphost.dll 2007-02-02 15:35 100482 --a------ C:\WINDOWS\uninstallfirefox.exe 2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-02-01 06:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-02-01 06:56 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 23:27 524288 --a------ C:\WINDOWS\system32\divxsm.exe 2007-01-31 13:37 62 --ahs---- C:\DOCUME~1\Blemer\DANEAP~1\desktop.ini 2007-01-31 12:50 0 -rahs---- C:\MSDOS.SYS 2007-01-31 12:50 0 -rahs---- C:\IO.SYS 2007-01-31 12:50 0 --a------ C:\CONFIG.SYS 2007-01-31 12:50 0 --a------ C:\AUTOEXEC.BAT 2007-01-31 12:47 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-01-31 01:15 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe 2007-01-30 07:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 06:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-26 03:19 129784 --------- C:\WINDOWS\system32\pxafs.dll 2007-01-26 03:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-26 03:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-26 03:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-26 03:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-26 03:13 593920 --a------ C:\WINDOWS\system32\dpugui11.dll 2007-01-26 03:13 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-01-26 03:13 53248 --a------ C:\WINDOWS\system32\dpugui10.dll 2007-01-26 03:13 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-01-26 03:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-25 19:31 88952 --a------ C:\WINDOWS\system32\packet.dll 2007-01-25 19:31 68480 --a------ C:\WINDOWS\system32\wanpacket.dll 2007-01-25 19:31 53299 --a------ C:\WINDOWS\system32\pthreadvc.dll 2007-01-25 19:31 240496 --a------ C:\WINDOWS\system32\wpcap.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” “Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “AVPDWIN”="“C:\Program Files\Panda Software\Panda Demo\pandasft.exe”" “APVXDWIN”="“C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s" “MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE " “item”=“Adobe Reader Synchronizer” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk” “backup”=“C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray” “item”=“ATI CATALYST – pasek zadań” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=”” “hkey”=“HKLM” “command”="" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“ADS” “hkey”=“HKCU” “command”=“C:\Windows\ADS.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Ares” “hkey”=“HKCU” “command”="“C:\Program Files\Ares\Ares.exe” -h" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“cli” “hkey”=“HKLM” “command”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“bittorrent” “hkey”=“HKCU” “command”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NewAutoUpdate” “hkey”=“HKLM” “command”=“C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPal] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PalAgnt” “hkey”=“HKCU” “command”="“C:\Program Files\PCPal\PalAgnt.exe” /startup" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“qttask” “hkey”=“HKLM” “command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Application Launcher” “hkey”=“HKLM” “command”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Steam” “hkey”=“HKCU” “command”=“C:\Valve\Steam\Steam.exe -silent” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“jusched” “hkey”=“HKLM” “command”=“C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SUPERAntiSpyware” “hkey”=“HKCU” “command”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“C:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-12 13:05:16

adam9870 · 12 Kwiecień 2007 12:32

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\ST6UNST.EXE

C:\WINDOWS\Setup1.exe

C:\WINDOWS\ADS.exe

C:\WINDOWS\system32\sttss.bak1

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Użyj VundoFix w trybie awaryjnym.

Po wykonaniu wklej nowy log z ComboFix, zawartość pliku c:\vundofix.txt plus dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

chalk · 12 Kwiecień 2007 19:34

Wykonałem. vundofix nie wykrył infekcji wiec loga nie wkejam a pozostałe to:

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-12 21:33:34 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT Vax347b.sys ZwClose SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey SSDT Vax347b.sys ZwCreatePagingFile SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey SSDT Vax347b.sys ZwSetSystemPowerState SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey SSDT ??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess SSDT ??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread SSDT ??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\PavSRK.sys Nie można odnaleźć określonego pliku. ? C:\WINDOWS\system32\PavTPK.sys Nie można odnaleźć określonego pliku. ? system32\drivers\av5flt.sys Nie można odnaleźć określonego pliku. ? C:\WINDOWS\system32\DRIVERS\COMFiltr.sys Nie można odnaleźć określonego pliku. ---- User code sections - GMER 1.0.12 ---- .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [4A, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6B, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [4D, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [6E, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [50, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F910F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8E0F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 5F9D0F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!BeginDeferWindowPos 7E36D907 6 Bytes JMP 5F8B0F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [9B, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 5F940F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!CreateAcceleratorTableW 7E37D3C1 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!CreateAcceleratorTableW + 4 7E37D3C5 2 Bytes [A1, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 5FA30F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 5F880F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!AttachThreadInput 7E381E12 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] USER32.dll!AttachThreadInput + 4 7E381E16 2 Bytes [98, 5F] .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ole32.dll!CoCreateInstanceEx 774EFA6B 6 Bytes JMP 5F850F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ole32.dll!CoGetClassObject 77505DB2 6 Bytes JMP 5F820F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ole32.dll!CLSIDFromProgID 775142CC 6 Bytes JMP 5F7F0F5A .text C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe[1136] ole32.dll!CLSIDFromProgIDEx 775461FE 6 Bytes JMP 5F7C0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [4A, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6B, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [4D, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [6E, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [50, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [53, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [56, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [59, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [5C, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [71, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [5F, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [62, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [74, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [77, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [65, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [68, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [7A, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [47, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [44, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!CloseServiceHandle 77DD5E4D 6 Bytes JMP 5F100F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!OpenServiceW 77DD6165 6 Bytes JMP 5F220F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!ControlService 77DDB635 6 Bytes JMP 5F130F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!OpenServiceA 77DDB88C 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!StartServiceW 77DDBBAC 6 Bytes JMP 5F280F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!StartServiceA 77DE3238 6 Bytes JMP 5F250F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!LsaAddAccountRights 77E0A9A1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!LsaRemoveAccountRights 77E0AA41 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 6 Bytes JMP 5F040F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 6 Bytes JMP 5F070F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 5F160F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [1A, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ADVAPI32.dll!DeleteService 77E27311 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA60F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F910F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8E0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 5F9D0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!BeginDeferWindowPos 7E36D907 6 Bytes JMP 5F8B0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [9B, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 5F940F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!CreateAcceleratorTableW 7E37D3C1 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!CreateAcceleratorTableW + 4 7E37D3C5 2 Bytes [A1, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 5FA30F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 5F880F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!AttachThreadInput 7E381E12 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] USER32.dll!AttachThreadInput + 4 7E381E16 2 Bytes [98, 5F] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ole32.dll!CoCreateInstanceEx 774EFA6B 6 Bytes JMP 5F850F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ole32.dll!CoGetClassObject 77505DB2 6 Bytes JMP 5F820F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ole32.dll!CLSIDFromProgID 775142CC 6 Bytes JMP 5F7F0F5A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1896] ole32.dll!CLSIDFromProgIDEx 775461FE 6 Bytes JMP 5F7C0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [4A, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6B, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [4D, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [6E, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [50, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [53, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [56, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [59, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [5C, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [71, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [5F, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [62, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [74, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [77, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [65, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [68, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [7A, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [47, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [44, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!CloseServiceHandle 77DD5E4D 6 Bytes JMP 5F100F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!OpenServiceW 77DD6165 6 Bytes JMP 5F220F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!ControlService 77DDB635 6 Bytes JMP 5F130F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!OpenServiceA 77DDB88C 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!StartServiceW 77DDBBAC 6 Bytes JMP 5F280F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!StartServiceA 77DE3238 6 Bytes JMP 5F250F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!LsaAddAccountRights 77E0A9A1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!LsaRemoveAccountRights 77E0AA41 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 6 Bytes JMP 5F040F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 6 Bytes JMP 5F070F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 6 Bytes JMP 5F0A0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 5F160F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [1A, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ADVAPI32.dll!DeleteService 77E27311 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA60F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F910F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8E0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 5F9D0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!BeginDeferWindowPos 7E36D907 6 Bytes JMP 5F8B0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [9B, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 5F940F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!CreateAcceleratorTableW 7E37D3C1 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!CreateAcceleratorTableW + 4 7E37D3C5 2 Bytes [A1, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 5FA30F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 5F880F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!AttachThreadInput 7E381E12 3 Bytes [FF, 25, 1E] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] USER32.dll!AttachThreadInput + 4 7E381E16 2 Bytes [98, 5F] .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ole32.dll!CoCreateInstanceEx 774EFA6B 6 Bytes JMP 5F850F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ole32.dll!CoGetClassObject 77505DB2 6 Bytes JMP 5F820F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ole32.dll!CLSIDFromProgID 775142CC 6 Bytes JMP 5F7F0F5A .text C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe[3200] ole32.dll!CLSIDFromProgIDEx 775461FE 6 Bytes JMP 5F7C0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [4C, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6D, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [4F, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [70, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [52, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [55, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [58, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [5B, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [5E, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [73, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [61, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [64, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [76, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [79, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [67, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [6A, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [7C, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [49, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F330F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3C0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F360F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [40, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [46, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [43, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F390F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA80F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F930F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F900F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 5F9F0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!BeginDeferWindowPos 7E36D907 6 Bytes JMP 5F8D0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [9D, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 5F960F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!CreateAcceleratorTableW 7E37D3C1 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!CreateAcceleratorTableW + 4 7E37D3C5 2 Bytes [A3, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 5FA50F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 5F8A0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!AttachThreadInput 7E381E12 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] USER32.dll!AttachThreadInput + 4 7E381E16 2 Bytes [9A, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!CloseServiceHandle 77DD5E4D 6 Bytes JMP 5F100F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!OpenServiceW 77DD6165 6 Bytes JMP 5F220F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!ControlService 77DDB635 6 Bytes JMP 5F130F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!OpenServiceA 77DDB88C 6 Bytes JMP 5F1F0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!StartServiceW 77DDBBAC 6 Bytes JMP 5F2A0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!StartServiceA 77DE3238 6 Bytes JMP 5F250F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!LsaAddAccountRights 77E0A9A1 6 Bytes JMP 5F2D0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!LsaRemoveAccountRights 77E0AA41 6 Bytes JMP 5F300F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 6 Bytes JMP 5F070F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 6 Bytes JMP 5F0A0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 6 Bytes JMP 5F0D0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 5F160F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [1A, 5F] .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ADVAPI32.dll!DeleteService 77E27311 6 Bytes JMP 5F1C0F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ole32.dll!CoCreateInstanceEx 774EFA6B 6 Bytes JMP 5F870F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ole32.dll!CoGetClassObject 77505DB2 6 Bytes JMP 5F840F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ole32.dll!CLSIDFromProgID 775142CC 6 Bytes JMP 5F810F5A .text C:\DOCUME~1\Blemer\USTAWI~1\Temp\Rar$EX00.484\gmer.exe[3212] ole32.dll!CLSIDFromProgIDEx 775461FE 6 Bytes JMP 5F7E0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [4A, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6B, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [4D, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [6E, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [50, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [53, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [56, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [59, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [5C, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [71, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [5F, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [62, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [74, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [77, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [65, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [68, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [7A, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [47, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [44, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!CloseServiceHandle 77DD5E4D 6 Bytes JMP 5F100F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!OpenServiceW 77DD6165 6 Bytes JMP 5F220F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!ControlService 77DDB635 6 Bytes JMP 5F130F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!OpenServiceA 77DDB88C 6 Bytes JMP 5F1F0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!StartServiceW 77DDBBAC 6 Bytes JMP 5F280F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!StartServiceA 77DE3238 6 Bytes JMP 5F250F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!LsaAddAccountRights 77E0A9A1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!LsaRemoveAccountRights 77E0AA41 6 Bytes JMP 5F2E0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 6 Bytes JMP 5F040F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 6 Bytes JMP 5F070F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 6 Bytes JMP 5F0A0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 6 Bytes JMP 5F0D0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 5F160F5A .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [1A, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] ADVAPI32.dll!DeleteService 77E27311 6 Bytes JMP 5F1C0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA60F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F910F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8E0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 5F9D0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!BeginDeferWindowPos 7E36D907 6 Bytes JMP 5F8B0F5A .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [9B, 5F] .text C:\Program Files\BitComet\BitComet.exe[3740] USER32.dll!GetAsyn