
To see all files, remember to do this.

Control Panel -> Folder Options -> View ->

Check "Show hidden files and folders"

Uncheck "Hide protected operating system files"

Take a scan with this.

Download OTViewIt to the desktop.

Close all windows and double-click OTViewIt.

Tick the "scan all user" box.

Click "Run Scan" and let the program run.

When it is finished it will create two logs; post OTViewIt.txt and Extras.txt in your next post.

Edit: yes, OTViewIt is down now, run ComboFix.

Put the logs in a spoiler.

log here

 

 

The link doesn't work :(

Now it says: 404 NOT FOUND

Edited by Mitosuke

Now the PEV.exe file is back -> I checked because MSN Messenger opened by itself without me touching it.

Update: Wow, I uninstalled ComboFix and happened to have the Windows folder where PEV.exe was open in the background. After I uninstalled ComboFix, some files, including the PEV.exe file, disappeared one by one within 5-10 seconds after the window announcing that ComboFix had been uninstalled popped up.

Edited by Mitosuke

Spoiler:
GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-06-12 21:07:29

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.15 ----

 

Code \??\C:\DOCUME~1\Mitosuke\LOKALE~1\Temp\catchme.sys pIofCallDriver

 

---- Kernel code sections - GMER 1.0.15 ----

 

? C:\DOCUME~1\Mitosuke\LOKALE~1\Temp\catchme.sys Systemet finner ikke angitt fil. !

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Systemet finner ikke angitt fil. !

? C:\DOCUME~1\Mitosuke\LOKALE~1\Temp\eyz6A9G1.sys Systemet finner ikke angitt fil. !

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys (DrWeb Protection for Windows/Doctor Web, Ltd.)

 

---- Threads - GMER 1.0.15 ----

 

Thread DrWeb32w.exe [3604:2204] SSDT 0x85549008 != 0x804E48B0

 

 

---- Threads - GMER 1.0.15 ----

 

Thread DrWeb32w.exe [3604:2928] SSDT 0x85549008 != 0x804E48B0

 


SSDT 84CC7F2F DrWeb32w.exe [3604.2928] ZwSetLowWaitHighEventPair

SSDT 84C997C1 DrWeb32w.exe [3604.2928] ZwSetQuotaInformationFile

SSDT 84C5B145 DrWeb32w.exe [3604.2928] ZwSetSecurityObject

SSDT 84CC7904 DrWeb32w.exe [3604.2928] ZwSetSystemEnvironmentValue

SSDT 84CC7603 DrWeb32w.exe [3604.2928] ZwSetSystemEnvironmentValueEx

SSDT 84C5412C DrWeb32w.exe [3604.2928] ZwSetSystemInformation

SSDT 84CE7103 DrWeb32w.exe [3604.2928] ZwSetSystemPowerState

SSDT 84CC68D9 DrWeb32w.exe [3604.2928] ZwSetSystemTime

SSDT 84C632F0 DrWeb32w.exe [3604.2928] ZwSetThreadExecutionState

SSDT 84B5FA35 DrWeb32w.exe [3604.2928] ZwSetTimer

SSDT 84C635B7 DrWeb32w.exe [3604.2928] ZwSetTimerResolution

SSDT 84C4BF22 DrWeb32w.exe [3604.2928] ZwSetUuidSeed

SSDT 84BF57D5 DrWeb32w.exe [3604.2928] ZwSetValueKey

SSDT 84C99CFF DrWeb32w.exe [3604.2928] ZwSetVolumeInformationFile

SSDT 84CC6027 DrWeb32w.exe [3604.2928] ZwShutdownSystem

SSDT 84B93A71 DrWeb32w.exe [3604.2928] ZwSignalAndWaitForSingleObject

SSDT 84CC850E DrWeb32w.exe [3604.2928] ZwStartProfile

SSDT 84CC86C7 DrWeb32w.exe [3604.2928] ZwStopProfile

SSDT 84CAF193 DrWeb32w.exe [3604.2928] ZwSuspendProcess

SSDT 84CAF0AF DrWeb32w.exe [3604.2928] ZwSuspendThread

SSDT 84CC8827 DrWeb32w.exe [3604.2928] ZwSystemDebugControl

SSDT 84CAFAC1 DrWeb32w.exe [3604.2928] ZwTerminateJobObject

SSDT 84C07609 DrWeb32w.exe [3604.2928] ZwTerminateProcess

SSDT 84BFB7AC DrWeb32w.exe [3604.2928] ZwTerminateThread

SSDT 84BFEBCD DrWeb32w.exe [3604.2928] ZwTestAlert

SSDT 84BC18D0 DrWeb32w.exe [3604.2928] ZwTraceEvent

SSDT 84CC7653 DrWeb32w.exe [3604.2928] ZwTranslateFilePath

SSDT 84C9C3AC DrWeb32w.exe [3604.2928] ZwUnloadDriver

SSDT 84CCCAA7 DrWeb32w.exe [3604.2928] ZwUnloadKey

SSDT 84CCCCA4 DrWeb32w.exe [3604.2928] ZwUnloadKeyEx

SSDT 84C0FFBE DrWeb32w.exe [3604.2928] ZwUnlockFile

SSDT 84CA6943 DrWeb32w.exe [3604.2928] ZwUnlockVirtualMemory

SSDT 84BF3063 DrWeb32w.exe [3604.2928] ZwUnmapViewOfSection

SSDT 84C292CB DrWeb32w.exe [3604.2928] ZwVdmControl

SSDT 84CD926E DrWeb32w.exe [3604.2928] ZwWaitForDebugEvent

SSDT 84BE6CA1 DrWeb32w.exe [3604.2928] ZwWaitForMultipleObjects

SSDT 84BE6265 DrWeb32w.exe [3604.2928] ZwWaitForSingleObject

SSDT 84CC7EC3 DrWeb32w.exe [3604.2928] ZwWaitHighEventPair

SSDT 84CC7E57 DrWeb32w.exe [3604.2928] ZwWaitLowEventPair

SSDT 84BFBDF5 DrWeb32w.exe [3604.2928] ZwWriteFile

SSDT 84C55D57 DrWeb32w.exe [3604.2928] ZwWriteFileGather

SSDT 84C0C63E DrWeb32w.exe [3604.2928] ZwWriteRequestData

SSDT 84BFFDA4 DrWeb32w.exe [3604.2928] ZwWriteVirtualMemory

SSDT 84B81074 DrWeb32w.exe [3604.2928] ZwYieldExecution

SSDT 84C3E48A DrWeb32w.exe [3604.2928] ZwCreateKeyedEvent

SSDT 84C04996 DrWeb32w.exe [3604.2928] ZwOpenKeyedEvent

SSDT 84CC8C9B DrWeb32w.exe [3604.2928] ZwReleaseKeyedEvent

SSDT 84CC8F06 DrWeb32w.exe [3604.2928] ZwWaitForKeyedEvent

SSDT 84CAC9F7 DrWeb32w.exe [3604.2928] ZwQueryPortInformationProcess

 

---- Threads - GMER 1.0.15 ----

 

Thread DrWeb32w.exe [3604:1984] SSDT 0x85549008 != 0x804E48B0

 


---- Processes - GMER 1.0.15 ----

 

Library C:\WINDOWS\system32\CF9978.exe (*** hidden *** ) @ C:\WINDOWS\system32\CF9978.exe [4012] 0x4AD00000

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 99

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\Temp\9542e1be-e956-435c-8e25-cdb83b16ca93.tmp 0 bytes

 

---- EOF - GMER 1.0.15 ----


The ComboFix log:

 

ComboFix 09-06-12.02 - Mitosuke 12.06.2009 23:02.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1023.249 [GMT 2:00]

Kjører fra: c:\documents and settings\Mitosuke\Mine dokumenter\Firefox Downloads\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-12 til 2009-06-12 )))))))))))))))))))))))))))))))))

.

 

2009-06-12 20:10 . 2009-06-12 20:10 -------- d-----w- c:\windows\Sun

2009-06-12 20:10 . 2009-06-12 20:09 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-12 20:09 . 2009-06-12 20:09 -------- d-----w- c:\programfiler\Java

2009-06-12 20:09 . 2009-06-12 20:09 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee

2009-06-12 20:09 . 2009-06-12 20:09 152576 ----a-w- c:\documents and settings\Mitosuke\Programdata\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-12 19:09 . 2009-06-12 19:09 -------- d-----w- c:\windows\system32\xircom

2009-06-12 19:09 . 2009-06-12 19:09 -------- d-----w- c:\windows\system32\wbem\snmp

2009-06-12 19:09 . 2009-06-12 19:09 -------- d-----w- c:\programfiler\microsoft frontpage

2009-06-12 15:57 . 2009-06-12 19:10 -------- d-----w- c:\documents and settings\Mitosuke\DoctorWeb

2009-06-12 15:57 . 2009-04-07 14:01 101496 ----a-w- c:\windows\system32\drivers\dwprot.sys

2009-06-12 15:57 . 2009-06-12 15:57 -------- d-----w- c:\programfiler\Fellesfiler\Doctor Web

2009-06-12 15:57 . 2009-06-12 15:57 -------- d-----w- c:\documents and settings\All Users\Programdata\Doctor Web

2009-06-12 15:57 . 2009-06-12 20:57 -------- d-----w- c:\programfiler\DrWeb

2009-06-12 14:01 . 2009-06-12 14:01 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\Malwarebytes

2009-06-12 14:01 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-12 14:00 . 2009-06-12 14:01 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-06-12 14:00 . 2009-06-12 14:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-06-12 14:00 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-12 13:15 . 2009-06-12 13:15 -------- d--h--w- C:\$AVG8.VAULT$

2009-06-12 12:59 . 2009-06-12 19:56 -------- d-sh--w- c:\documents and settings\Mitosuke\Siste

2009-06-11 21:34 . 2008-06-14 18:00 272256 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-06-11 21:34 . 2008-06-14 18:00 272256 ------w- c:\windows\system32\drivers\bthport.sys

2009-06-11 21:34 . 2009-02-09 11:45 2064768 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-06-11 21:32 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-06-11 21:32 . 2008-10-24 11:25 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-06-11 21:32 . 2008-12-11 10:24 333184 -c----w- c:\windows\system32\dllcache\srv.sys

2009-06-11 21:32 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2009-06-11 21:32 . 2008-04-11 18:41 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-06-11 21:31 . 2008-10-03 10:17 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll

2009-06-11 21:31 . 2008-10-15 17:01 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-06-11 21:31 . 2008-09-04 16:46 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll

2009-06-11 21:31 . 2009-06-12 12:49 -------- d--h--w- c:\windows\$hf_mig$

2009-06-11 21:31 . 2008-04-21 21:28 217088 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-06-11 21:30 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-06-11 16:16 . 2009-06-11 20:46 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\BitTorrent

2009-06-11 16:16 . 2009-06-11 16:16 -------- d-----w- c:\documents and settings\Mitosuke\Lokale innstillinger\Programdata\DNA

2009-06-11 16:16 . 2009-06-12 21:01 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\DNA

2009-06-11 16:16 . 2009-06-12 19:10 -------- d-----w- c:\programfiler\DNA

2009-06-11 16:16 . 2009-06-11 16:16 -------- d-----w- c:\programfiler\BitTorrent

2009-06-11 11:46 . 2009-06-11 14:42 -------- d-----w- c:\documents and settings\Mitosuke\Lokale innstillinger\Programdata\WarRockDF

2009-06-11 10:38 . 2009-06-11 10:38 -------- d-----w- c:\programfiler\GamersFirst

2009-06-11 10:38 . 2009-06-11 10:38 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\InstallShield

2009-06-11 08:22 . 2009-06-11 08:22 -------- d-----w- c:\programfiler\VideoLAN

2009-06-11 07:31 . 2009-06-10 22:37 90632 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgtdix.sys

2009-06-11 07:31 . 2009-06-10 22:37 12936 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrkx86.sys

2009-06-11 07:31 . 2009-06-10 22:37 98440 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgldx86.sys

2009-06-11 07:31 . 2009-06-10 22:37 10520 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrsstx.dll

2009-06-11 07:31 . 2009-06-10 22:37 26824 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgmfx86.sys

2009-06-11 07:31 . 2009-06-10 22:37 287000 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrsx.exe

2009-06-11 07:29 . 2009-06-10 22:37 652056 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgupd.exe

2009-06-11 07:29 . 2009-06-10 22:37 1123072 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgupd.dll

2009-06-11 07:29 . 2009-06-10 22:37 584472 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avginet.dll

2009-06-11 07:29 . 2009-06-10 22:37 443672 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgiproxy.exe

2009-06-11 01:21 . 2009-06-11 01:21 -------- d-----w- c:\programfiler\QuickTime

2009-06-11 01:21 . 2007-02-20 14:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe

2009-06-11 01:21 . 2007-02-20 14:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll

2009-06-11 01:20 . 2009-06-11 01:20 -------- d-----w- c:\programfiler\Bonjour

2009-06-11 01:12 . 2009-06-12 20:28 -------- d-----w- c:\documents and settings\Mitosuke\Tracing

2009-06-11 01:11 . 2009-06-11 01:11 -------- d-----w- c:\programfiler\Fellesfiler\Macrovision Shared

2009-06-11 01:11 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-06-11 01:10 . 2009-06-11 01:10 -------- d-----w- c:\programfiler\Microsoft SQL Server Compact Edition

2009-06-11 01:10 . 2008-07-09 07:44 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2009-06-11 01:10 . 2009-06-11 01:20 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-06-11 01:09 . 2009-06-11 01:09 -------- d-----w- c:\programfiler\Microsoft

2009-06-11 01:09 . 2009-06-11 01:09 -------- d-----w- c:\programfiler\Windows Live SkyDrive

2009-06-11 01:08 . 2009-06-11 01:11 -------- d-----w- c:\programfiler\Windows Live

2009-06-11 01:07 . 2009-06-11 01:12 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\Spotify

2009-06-11 01:07 . 2009-06-11 01:07 -------- d-----w- c:\documents and settings\Mitosuke\Lokale innstillinger\Programdata\Spotify

2009-06-11 01:07 . 2009-06-11 01:07 -------- d-----w- c:\programfiler\Spotify

2009-06-11 00:59 . 2009-06-11 00:59 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live

2009-06-11 00:53 . 2009-06-11 00:53 -------- d-s---w- c:\documents and settings\Mitosuke\UserData

2009-06-11 00:22 . 2009-06-11 00:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-06-11 00:22 . 2009-06-12 15:44 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\skypePM

2009-06-11 00:22 . 2009-06-12 20:25 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\Skype

2009-06-11 00:21 . 2009-06-11 00:21 -------- d-----w- c:\programfiler\Fellesfiler\Skype

2009-06-11 00:21 . 2009-06-11 00:21 -------- d-----r- c:\programfiler\Skype

2009-06-11 00:21 . 2009-06-11 00:21 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype

2009-06-11 00:16 . 2009-06-11 00:16 -------- d-----w- c:\documents and settings\Mitosuke\Programdata\ATI

2009-06-11 00:16 . 2009-06-11 00:16 -------- d-----w- c:\documents and settings\Mitosuke\Lokale innstillinger\Programdata\ATI

2009-06-11 00:16 . 2009-06-11 00:16 -------- d-----w- c:\documents and settings\All Users\Programdata\ATI

2009-06-11 00:14 . 2009-06-11 00:14 52629 ----a-w- c:\windows\BricoPackUninst.cmd

2009-06-11 00:13 . 2009-06-11 00:14 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd

2009-06-11 00:12 . 2009-06-11 00:12 -------- d-----w- c:\windows\BricoPacks

2009-06-11 00:06 . 2009-06-11 00:06 0 ----a-w- c:\windows\ativpsrm.bin

2009-06-11 00:05 . 2009-06-11 00:07 -------- d-----w- c:\programfiler\ATI

2009-06-11 00:04 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe

2009-06-11 00:04 . 2009-06-11 10:38 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2009-06-11 00:04 . 2009-06-11 00:05 -------- d-----w- c:\programfiler\ATI Technologies

2009-06-11 00:04 . 2009-06-11 00:05 -------- d-----w- c:\programfiler\Fellesfiler\InstallShield

2009-06-11 00:03 . 2009-06-11 00:03 -------- d-----w- C:\ATI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-12 13:04 . 2001-10-09 11:00 66686 ----a-w- c:\windows\system32\perfc014.dat

2009-06-12 13:04 . 2001-10-09 11:00 396586 ----a-w- c:\windows\system32\perfh014.dat

2009-06-11 12:24 . 2009-06-11 12:39 177882 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1044.dat

2009-06-11 07:31 . 2009-06-10 22:37 -------- d-----w- c:\documents and settings\All Users\Programdata\avg8

2009-06-11 07:30 . 2009-06-10 22:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-11 07:30 . 2009-06-10 22:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-11 07:30 . 2009-06-10 22:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-11 07:30 . 2009-06-10 22:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-11 07:30 . 2009-06-10 22:37 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-06-11 01:12 . 2009-06-10 21:52 12912 ----a-w- c:\documents and settings\Mitosuke\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-06-11 00:14 . 2004-08-03 23:03 218624 ----a-w- c:\windows\system32\uxtheme.dll

2009-06-10 23:50 . 2009-06-10 23:50 0 ----a-w- c:\windows\nsreg.dat

2009-06-10 22:58 . 2009-06-10 21:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-06-10 22:37 . 2009-06-10 22:37 -------- d-----w- c:\programfiler\AVG

2009-06-10 21:46 . 2009-06-10 21:46 -------- d-----w- c:\programfiler\Elektroniske tjenester

2009-06-10 21:46 . 2009-06-10 21:46 -------- d-----w- c:\programfiler\Fellesfiler\Tjenester

2009-06-10 21:45 . 2009-06-10 21:45 21704 ----a-w- c:\windows\system32\emptyregdb.dat

2009-05-07 15:44 . 2004-08-03 23:03 344576 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:33 . 2006-02-15 17:48 667648 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:33 . 2004-08-03 23:03 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 19:59 . 2006-02-15 17:46 1847936 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 15:18 . 2004-08-03 23:03 584192 ----a-w- c:\windows\system32\rpcrt4.dll

2009-02-22 02:36 . 2009-06-10 23:21 704522 --sh--r- c:\windows\test.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2009-04-16 24264488]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-08-03 1694208]

"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2009-06-11 321344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]

"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

"SpIDerAgent"="c:\programfiler\DrWeb\SpIDerAgent.exe" [2009-02-16 423152]

"SpIDerMail"="c:\programfiler\DrWeb\spiderml.exe" [2009-04-15 640240]

"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2009-04-16 251144]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"test"="test.exe" - c:\windows\test.exe [2009-02-22 704522]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-11 07:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgam.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programfiler\\DNA\\btdna.exe"=

"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

P2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [16.04.2009 10:40 251144]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11.06.2009 00:37 12552]

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [12.06.2009 17:57 101496]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.06.2009 00:37 327688]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.06.2009 00:37 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11.06.2009 09:30 908568]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.06.2009 09:30 298776]

R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\programfiler\Fellesfiler\Doctor Web\Scanning Engine\dwengine.exe [21.01.2009 16:09 886072]

R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [16.04.2009 10:40 394184]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

*NewlyCreated* - WMIAPSRV

*Deregistered* - DwShield0000119D

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-06-12 c:\windows\Tasks\Dr.Web Daily scan.job

- c:\programfiler\DrWeb\DrWeb32w.exe [2009-05-28 16:00]

 

2009-06-12 c:\windows\Tasks\Dr.Web Update.job

- c:\programfiler\DrWeb\DrWebUpW.exe [2009-03-02 16:51]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

LSP: c:\programfiler\DrWeb\drwebsp.dll

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-12 23:05

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(744)

c:\programfiler\DrWeb\drwebsp.dll

 

- - - - - - - > 'explorer.exe'(1516)

c:\windows\system32\ntshrui.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Tidspunkt ferdig: 2009-06-12 23:06

ComboFix-quarantined-files.txt 2009-06-12 21:06

ComboFix2.txt 2009-06-12 20:26

 

Pre-Run: 57 222 569 984 byte ledig

Post-Run: 57 214 722 048 byte ledig

 

219 --- E O F --- 2009-06-12 12:49

 

 


Can you pack the following files into a zip/rar file (preferably password-protected)? Use the password: infected

 

C:\DOCUME~1\Mitosuke\LOKALE~1\Temp\catchme.sys

 

dwprot.sys, DrWeb32w.exe and CF9978.exe (in windows\system32 or windows\system32\drivers)

 

Upload the zip/rar file to www.rapidshare.com and then send the link by PM

Can you pack the following files into a zip/rar file (preferably password-protected)? Use the password: infected

 

C:\DOCUME~1\Mitosuke\LOKALE~1\Temp\catchme.sys

 

dwprot.sys, DrWeb32w.exe and CF9978.exe (in windows\system32 or windows\system32\drivers)

 

Upload the zip/rar file to www.rapidshare.com and then send the link by PM

 

I can only find dwprot.sys


You need to uninstall Dr.Web or AVG.

You can't have two antivirus programs running.

 

Do you know this file?

c:\windows\test.exe

 

The log looks fine. How is the problem going?

 

dwprot.sys, DrWeb32w.exe and CF9978.exe

Those are two files from Dr.Web and one file ComboFix creates, so they are legitimate files.

So I don't understand what you're up to.

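As an added example (not from the thread and not ComboFix's own code), here is a small Python parser for the file-listing and REGEDIT4 Run lines in the log above. It flags the kind of entry the helper is asking about: an autostart value whose target file carries the hidden or system attribute, or sits directly in c:\windows, as test.exe does. The sample lines are constructed from the log quoted above.

```python
import re

# ComboFix listing line: "<created> . <modified> <size|--------> <attrs> <path>".
# In the attribute column seen in the log (e.g. "--sh--r-", "d--h--w-"),
# index 2 is the system flag and index 3 the hidden flag.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# REGEDIT4 Run value, either '"name"="c:\x.exe" [date size]'
# or the bare-name form '"name"="x.exe" - c:\full\x.exe [date size]'.
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"=.*?(?P<path>[a-z]:\\.+?)"? \[\d{4}-\d{2}-\d{2}', re.I)

# Constructed sample: a few lines copied in the format of the log above.
SAMPLE_LOG = r"""
2009-06-11 00:14 . 2004-08-03 23:03 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-02-22 02:36 . 2009-06-10 23:21 704522 --sh--r- c:\windows\test.exe
2009-06-11 00:22 . 2009-06-11 00:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"test"="test.exe" - c:\windows\test.exe [2009-02-22 704522]
"""

def parse_listing(text):
    """Map lower-cased path -> 8-char attribute string for every listing line."""
    files = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            files[m["path"].lower()] = m["attrs"]
    return files

def parse_run_values(text):
    """Return (value name, lower-cased target path) for every Run value line."""
    return [(m["name"], m["path"].lower())
            for m in (RUN_LINE.match(l.strip()) for l in text.splitlines()) if m]

def flag_autostarts(text):
    """Autostart targets worth a second look, with reasons, in log order."""
    files = parse_listing(text)
    flagged = []
    for name, path in parse_run_values(text):
        attrs = files.get(path, "--------")   # unlisted files are simply not recent
        reasons = []
        if attrs[2] == "s":
            reasons.append("system attribute")
        if attrs[3] == "h":
            reasons.append("hidden attribute")
        if path.rsplit("\\", 1)[0] == r"c:\windows":
            reasons.append("lives directly in c:\\windows")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged

if __name__ == "__main__":
    for name, path, reasons in flag_autostarts(SAMPLE_LOG):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```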
You need to uninstall Dr.Web or AVG.

You can't have two antivirus programs running.

 

Do you know this file?

c:\windows\test.exe

 

The log looks fine. How is the problem going?

 

dwprot.sys, DrWeb32w.exe and CF9978.exe

Those are two files from Dr.Web and one file ComboFix creates, so they are legitimate files.

So I don't understand what you're up to.

 

 

Yes, it's there. test.exe

Can you scan with VirusTotal or Jotti now?

Then scan the file there.

 

How is the problem you had going?

I'd prefer that you reply after you have uninstalled one antivirus and restarted.

 

 

Did that.. but the VirusTotal and Jotti links are still not available to me :(

Same problem.. but PEV.exe is no longer in Task Manager, i.e. it isn't slowing down the PC any more.

Anyway... I'd rather not have it on the PC

To see all files, remember to do this.

 

Control Panel -> Folder Options -> View ->

Check "Show hidden files and folders"

Uncheck "Hide protected operating system files"

 

Take a scan with this.

 

Download OTViewIt to the desktop.

 

Close all windows and double-click OTViewIt.

Tick the "scan all user" box.

Click "Run Scan" and let the program run.

When finished it will create two logs; post OTViewIt.txt and Extras.txt in your next post.

 

Edit: yes, OTViewIt was down just now, run ComboFix.

 

Put the logs in a spoiler.

 

log here

 

 

I can't open the link, it just says 404 Not Found

dwprot.sys, DrWeb32w.exe and CF9978.exe
Those are two files from Dr.Web and one file ComboFix creates, so they are legitimate files.

So I don't understand what you're up to.

 

I want to check the files, plain and simple.

 

I ran ComboFix myself, and even though the program wouldn't start since it was only supported on Windows 2000 and Windows XP (I run XP myself, so it should have worked?), it still created folders on the hard disk and deleted some registry files. That only happens if the program is extremely badly written or if it's a virus. I believe the latter.

 

If the thread starter sends me those files I can possibly rule out whether it's a virus.

Edited by dozer22
I ran ComboFix myself, and even though the program wouldn't start since it was only supported on Windows 2000 and Windows XP

Don't make statements about things you don't know about.

ComboFix works on Vista (not 64-bit).

There you use OTViewIt.

See the guide.

 

When I started the program I was told it only supported Win 2000 and XP. I damn well know what I read. I'm not blind. Idiot.


Maybe snippsatt and dozer22 can take their little quarrel about who is the biggest (has the biggest...) to PM with each other, so that those who need help can get somewhat clear answers. Otherwise there's a guide here that one can stick to. One person answers and helps as far as it goes, and if needed asks for extra help from other pros.

Someone is sitting there needing help, and he ends up watching two people argue about which is best.


Yes, we can take it on PM.

 

When I started the program I was told it only supported Win 2000 and XP. I damn well know what I read. I'm not blind. Idiot.

You can't say that; I have seen countless ComboFix logs from Vista.

Just had to correct this, because this is getting too silly.

Then I'm completely done with dozer22.

 

Mitosuke, how is the problem going?
