Invader HELP

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Dali e nekoj zapoznaen so ovoj Virus/Malware i kako i da e ... I dali znae nacin kako da go otstranam... Se vcituva vo procesite

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Procitaj sledecu temu:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Nakon toga napravi log uz pomoc programa HijackThis, onako kako je opisano u toj temi, i postavi ga ovde.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Eve log od HijackThis ama jas kako sto gledam ne pisuva nikade za Invader...samo Kaspersky mi detektira

LOG
Logfile of HijackThis v1.99.1
Scan saved at 00:32:20, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\ncfpsys.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\WINDOWS\system32\ncfpsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://E:\Interface\IntraLaunch.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Promeni ime foldera u kojem se nalazi HijackThis u recimo TR2, kao i ime HijackThis.exe u TR2.exe i napravi novi log.
Neke infekcije se sakrivaju kada vide HijackThis medju procesima, zato je potrebno da ime foldera i samog fajla ne podsecaju na HijackThis.

Kazi mi u kojem fajlu KAV prijavljuje tog Invadera i koje je puno ime Invadera.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Eve go noviot LOG... koristam Kaspersky Interner Security 7.0 i otkako go instalirav na sekoj process ili bilo koj Exe fajl mi go javuva

Logfile of HijackThis v1.99.1
Scan saved at 00:46:44, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\ncfpsys.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\tr2\tr2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\WINDOWS\system32\ncfpsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://E:\Interface\IntraLaunch.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Dopuna: 07 Sep 2007 1:02

Eve Log od Kaspersky.. toa e samo del za Invader

detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
detected: riskware Invader Running process: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
detected: riskware Invader Running process: C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
detected: riskware Invader Running process: C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRStateCheck.exe
detected: riskware Invader Running process: C:\Program Files\ABBYY PDF Transformer 2.0\PDFTransformer.exe
detected: riskware Invader Running process: C:\Program Files\OpenVPN\Uninstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\~nsu.tmp\Au_.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns5.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsv4.tmp\ns6.tmp
detected: riskware Invader Running process: D:\Miki\Downloads\Wireless\openvpn-2.0.5-gui-1.0.3-install.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns9.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\nsC.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsx8.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Program Files\YuRecnik\YuRecnik.exe
detected: riskware Invader Running process: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
deleted: virus Worm.Win32.Delf.ca File: G:\antihost.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsq9.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsq9.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\nsE.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\nsF.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns15.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nssD.tmp\ns16.tmp
detected: riskware Invader Running process: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10MT1.EXE
detected: riskware Invader Running process: C:\Program Files\WinZip\WINZIP32.EXE
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsk349.tmp\ns34A.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsk349.tmp\ns34B.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns34E.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns34F.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns350.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns351.tmp
detected: riskware Invader Running process: C:\Program Files\OpenVPN\bin\tapinstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns354.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nsu34D.tmp\ns355.tmp
detected: riskware Invader Running process: C:\Program Files\MSN Messenger\msnmsgr.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\userinit.exe
detected: riskware Invader Running process: C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXEnum.exe
detected: riskware Invader Running process: C:\Program Files\mIRC\mirc.exe
detected: riskware Invader Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nss4.tmp\ns5.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nss4.tmp\ns6.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns9.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsA.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsB.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\nsC.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns10.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\nse8.tmp\ns11.tmp
detected: riskware Invader Running process: C:\Documents and Settings\PC\My Documents\My Completed Downloads\setup.exe
not found: adware not-a-virus:AdWare.Win32.BHO.db File: C:\DOCUME~1\PC\LOCALS~1\Temp\ofb installer.$$A
detected: riskware Invader Running process: C:\Documents and Settings\PC\Desktop\Razno\password-protect-usb\password-protect-usb.exe
detected: riskware Invader Running process: C:\Documents and Settings\PC\Local Settings\Temp\is-OQQEP.tmp\is-ILH23.tmp
detected: riskware Invader Running process: C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
detected: riskware Invader Running process: C:\Program Files\DAP\DAP.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kaspersky javlja 'riskware Invader' kada jedan proces pokusava da se injektuje u drugi.
To ne mora da znaci da je kompjuter inficiran, posto ima i gomile legitimnih procesa koji se injektuju.

Daj mi sledece informacije:
- da li si ti instalirao IIS? To je MS-ov web server
- imas li jos uvek instalirano nesto od Symanteca, recimo Norton programe?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Imam instalirano IIS probuvav ednas za FTP Server ama imav problemi i go izbrisav i taka... pred Kaspersky imav Norton AntiVirus 2007 ama go izbrisav so pomos na Norton Removal Tool. A ne znam Invader dali e viurs ili ne..Na nekoi Viruslisti pisuva deka e nekoj si virus od 1990...

Pozdrav pisi

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Norton ti nije lepo deinstaliran.
Skini ponovo najnoviji Norton Removal Tool i pokusaj ponovo da ga uklonis:
http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml

Sto se tice Riskware Invadera, to je detekcija od strane Proactive Defense u tvom Kasperskom. To je heuristicka detekcija koja bi trebala da omoguci da tvoj Kaspersky onemoguci akcije onih virusa/malwarea koje jos nema u definicijama. Ta tehnologija je koliko dobra toliko i losa, posto moze da zbuni u jako puno slucajeva.
Puno puta smo ljudima savetovali da iskljuce Proactive Defense u KAV-u ukoliko nisu dobri poznavaoci toga kako funkcionisu antivirus programi i malware.

HJT log je cist. Uradicemo sada jos jedan log uz pomoc programa GMER. Ukoliko se ni tu ne pokaze nista sporno, onda bih te savetovao da iskljucis Proactive Defense u KAV-u.

Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
U polju za pisanje poruke na forumu klikni desno dugme misa i odaberi opciju Paste.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Eve rezultati od GMER
____________________
GMER 1.0.13.12551 - gmer.net
Rootkit scan 2007-09-07 09:39:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSystemDebugControl
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP F4E47790 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP F4E47C90 \??\C:\WINDOWS\system32\drivers\klif.sys
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\System32\svchost.exe[304] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\System32\svchost.exe[304] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\svchost.exe[304] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1040] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1140] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1168] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [ 70, 11, 7C, 00 ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Opera\Opera.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\Opera\Opera.exe[1504] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\Opera\Opera.exe[1504] advapi32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\Opera\Opera.exe[1504] advapi32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1628] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\csrss.exe[1628] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[1628] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[1652] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\system32\services.exe[1696] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\system32\services.exe[1696] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[1696] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1760] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ADVAPI32.DLL!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\OpenVPN\bin\openvpn.exe[2024] ADVAPI32.DLL!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[2336] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[2336] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\WINDOWS\Explorer.EXE[2336] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[2336] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [ F0, 00, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [ 60, 01, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C555 7C9C5920 4 Bytes [ F0, 00, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C651 7C9C5A1C 4 Bytes [ F0, 07, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!StrStrW + FFE2C66D 7C9C5A38 4 Bytes [ 60, 01, 4A, 01 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFree + 24F 7C9E2B50 4 Bytes [ 50, 0C, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFree + 6B7 7C9E2FB8 4 Bytes [ 10, 0E, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHLoadOLE + 5F 7C9E305C 4 Bytes [ 70, 0B, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!IsNetDrive + CDD 7C9EAD1C 4 Bytes [ 10, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!IsNetDrive + D01 7C9EAD40 4 Bytes [ 10, 0E, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 195 7C9EB96C 4 Bytes [ 10, 07, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 133D 7C9ECB14 4 Bytes [ 90, 0A, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 1355 7C9ECB2C 4 Bytes [ 10, 0E, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 28C5 7C9EE09C 4 Bytes [ 80, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ILFindChild + 2921 7C9EE0F8 4 Bytes [ F0, 07, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 460E 7C9F4C7C 4 Bytes [ 60, 08, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 462E 7C9F4C9C 4 Bytes [ C0, 05, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHCreateShellFolderView + 4666 7C9F4CD4 4 Bytes [ 50, 05, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DllCanUnloadNow + 7F7 7CA01DB0 4 Bytes [ A0, 0D, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHGetMalloc + 340 7CA02324 4 Bytes [ 00, 0B, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!ShellExecuteExW + 220A 7CA0F808 4 Bytes [ C0, 0C, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 3A8F 7CA237A0 4 Bytes [ B0, 09, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 417F 7CA23E90 4 Bytes [ 60, 0F, 4A, 01 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 4257 7CA23F68 4 Bytes [ 90, 0A, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 42FF 7CA24010 4 Bytes [ 10, 00, D6, 02 ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!DragQueryFileAorW + 431F 7CA24030 4 Bytes [ 50, 0C, 43, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!InternalExtractIconListA + 235F 7CA2B8A8 4 Bytes [ A0, 0D, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!InternalExtractIconListA + 241B 7CA2B964 4 Bytes [ 20, 0A, 43, 7D ]
.text C:\WINDOWS\Explorer.EXE[2336] SHELL32.dll!SHGetSetFolderCustomSettingsW + EE6 7CA2C9F4 4 Bytes [ F0, 0E, 43, 7D ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ADVAPI32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\PC\Desktop\gmer\gmer.exe[2404] ADVAPI32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAP\DAP.EXE[2828] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F200F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]
.text C:\Program Files\DAP\DAP.EXE[2828] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F230F5A
.text C:\Program Files\DAP\DAP.EXE[2828] advapi32.dll!RegSetValueExA 77DDEBE7 6 Bytes JMP 5F160F5A
.text C:\Program Files\DAP\DAP.EXE[2828] advapi32.dll!RegSetValueA 77DE6F49 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Winamp\winamp.exe[4028] ntdll.dll!Nt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Postavi i ostatak u sledecoj poruci, posto ovde nije mogao da stane kompletan log.