
It didn't detect it this time. But here is the log. I think there's nothing wrong.

 

GMER 1.0.15.15086 - http://www.gmer.net

Rootkit scan 2009-09-15 01:16:03

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\Goones\LOCALS~1\Temp\aujasnkj.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAA650A60]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAA635BF0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAA652920]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA631F60]

SSDT F7B14466 ZwCreateKey

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAA6492B0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAA649BB0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAA630D10]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAA63CE40]

SSDT F7B1445C ZwCreateThread

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAA655F30]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAA63BB20]

SSDT F7B1446B ZwDeleteKey

SSDT F7B14475 ZwDeleteValueKey

SSDT spyt.sys ZwEnumerateKey [0xF742CCA4]

SSDT spyt.sys ZwEnumerateValueKey [0xF742D032]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAA646BB0]

SSDT F7B1447A ZwLoadKey

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAA63C6B0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAA634C10]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAA63DFC0]

SSDT F7B14448 ZwOpenProcess

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAA631580]

SSDT F7B1444D ZwOpenThread

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAA651DA0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAA6368A0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAA640750]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAA640FA0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAA64FED0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAA644590]

SSDT F7B14484 ZwReplaceKey

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAA654A50]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAA654D70]

SSDT F7B1447F ZwRestoreKey

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAA642C80]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAA6434D0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAA653480]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAA64F440]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAA656520]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAA637BF0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAA6461C0]

SSDT F7B14470 ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAA64E190]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAA64EAC0]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAA655770]

SSDT F7B14457 ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAA64D620]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAA647530]

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAA6512B0]

 

INT 0x62 ? 82F70BF8

INT 0x63 ? 82CCCF00

INT 0x82 ? 82F70BF8

INT 0xA4 ? 82CCCF00

INT 0xB4 ? 82CCCF00

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntoskrnl.exe!_abnormal_termination + 133 804E2E04 2 Bytes [30, 5F]

.text ntoskrnl.exe!_abnormal_termination + 136 804E2E07 1 Byte [AA]

.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 1 Byte [b0]

.text ntoskrnl.exe!_abnormal_termination + 34F 804E3020 2 Bytes [90, 45] {NOP ; INC EBP}

.text ntoskrnl.exe!_abnormal_termination + 352 804E3023 5 Bytes [AA, 84, 44, B1, F7] {STOSB ; TEST [ECX+ESI*4-0x9], AL}

.text ...

? spyt.sys The system cannot find the file specified. !

.text USBPORT.SYS!DllUnload F6D4562C 5 Bytes JMP 82CCC4E0

.text aivx7jsz.SYS F6CF5386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

.text aivx7jsz.SYS F6CF53AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text aivx7jsz.SYS F6CF53C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}

.text aivx7jsz.SYS F6CF53C9 1 Byte [30]

.text aivx7jsz.SYS F6CF53C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text ...

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\winlogon.exe[588] ntdll.dll!NtLockProductActivationKeys 7C90DBC2 5 Bytes JMP 00CF1000 C:\WINDOWS\system32\antiwpa.dll

.text C:\WINDOWS\system32\winlogon.exe[588] USER32.dll!GetSystemMetrics 77D48F75 5 Bytes JMP 00CF1018 C:\WINDOWS\system32\antiwpa.dll

.text C:\WINDOWS\system32\winlogon.exe[588] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\winlogon.exe[588] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\winlogon.exe[588] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\winlogon.exe[588] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\services.exe[648] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\services.exe[648] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[864] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text E:\Свалени\GMER 1.0.15.15086\gmer.exe[1252] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text E:\Свалени\GMER 1.0.15.15086\gmer.exe[1252] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text E:\Свалени\GMER 1.0.15.15086\gmer.exe[1252] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text E:\Свалени\GMER 1.0.15.15086\gmer.exe[1252] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\acs.exe[1372] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 00532B64 D:\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1416] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1416] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1416] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1416] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1440] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1440] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1440] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1440] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1632] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1632] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1632] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1632] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\Explorer.EXE[1688] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\Explorer.EXE[1688] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\Explorer.EXE[1688] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\Explorer.EXE[1688] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1752] user32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1752] user32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1752] user32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1752] user32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Raxco\PerfectDisk10\PDAgent.exe[1820] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 0076B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Raxco\PerfectDisk10\PDAgent.exe[1820] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 0076B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Raxco\PerfectDisk10\PDAgent.exe[1820] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 0076B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Raxco\PerfectDisk10\PDAgent.exe[1820] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 0076B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1856] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 009BB1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1856] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 009BB174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1856] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 009BB1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1856] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 009BB224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005A3D04 D:\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] kernel32.dll!LoadResource 7C80A065 5 Bytes JMP 005A39E0 D:\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 005A3C80 D:\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] user32.dll!EnableWindow 77D4C4D4 5 Bytes JMP 0149A44C D:\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] user32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 005A3CD8 D:\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)

.text D:\Agnitum\OUTPOS~1\op_mon.exe[1876] user32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 005A3CAC D:\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\RunDll32.exe[1928] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\RunDll32.exe[1928] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\RunDll32.exe[1928] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\RunDll32.exe[1928] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\DAEMON Tools Lite\daemon.exe[1936] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 00A2B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\DAEMON Tools Lite\daemon.exe[1936] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 00A2B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\DAEMON Tools Lite\daemon.exe[1936] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 00A2B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\DAEMON Tools Lite\daemon.exe[1936] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 00A2B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\utorrent\uTorrent.exe[1948] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\utorrent\uTorrent.exe[1948] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\utorrent\uTorrent.exe[1948] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\utorrent\uTorrent.exe[1948] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1964] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1964] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1964] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1964] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Mozilla Firefox\firefox.exe[2204] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 00FCB1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Mozilla Firefox\firefox.exe[2204] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 00FCB174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Mozilla Firefox\firefox.exe[2204] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 00FCB1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Mozilla Firefox\firefox.exe[2204] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 00FCB224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Last.fm\LastFM.exe[2300] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 00B3B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Last.fm\LastFM.exe[2300] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 00B3B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Last.fm\LastFM.exe[2300] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 00B3B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text D:\Last.fm\LastFM.exe[2300] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 00B3B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Phone\Skype.exe[3608] USER32.dll!SetWindowPos 77D4C78E 5 Bytes JMP 1009B1A0 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Phone\Skype.exe[3608] USER32.dll!SetForegroundWindow 77D566A7 5 Bytes JMP 1009B174 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Phone\Skype.exe[3608] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 1009B1F8 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

.text C:\Program Files\Skype\Phone\Skype.exe[3608] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 1009B224 d:\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F725E0

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F743FC4C] spyt.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F743FCA0] spyt.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740F042] spyt.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740F13E] spyt.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F740F0C0] spyt.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F740F800] spyt.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F740F6D6] spyt.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F741EE9C] spyt.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82CCC5E0

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!swprintf] 01B05E00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!sprintf] 03D00304

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ZwClose] C4830000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoStartTimer] 020C868B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmUnlockPages] C600001C

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!_allmul] 001CA486

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!_except_handler3] 8B000023

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!_aulldiv] 00001CA9

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!strstr] 0E798366

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!_strupr] 74AAB000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmLockPagableDataSection] 96868800

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!memmove] 001CAA86

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KeGetCurrentIrql] 89000001

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KfRaiseIrql] 0001BC83

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KfLowerIrql] 24468B00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!HalGetInterruptVector] 89820C8D

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!KfReleaseSpinLock] 000000BD

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!READ_PORT_USHORT] 83660000

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00

IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA646190] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA633130] \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 82F6F1F8

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

Device \Driver\PCI_PNP5910 \Device\00000041 spyt.sys

Device \Driver\usbohci \Device\USBPDO-0 82CCF500

Device \Driver\usbohci \Device\USBPDO-1 82CCF500

Device \Driver\usbehci \Device\USBPDO-2 82C49500

Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

Device \Driver\sptd \Device\614124660 spyt.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDE1F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 82FDE1F8

Device \Driver\Cdrom \Device\CdRom0 82C7E500

Device \Driver\Ftdisk \Device\HarddiskVolume3 82FDE1F8

Device \Driver\Cdrom \Device\CdRom1 82C7E500

Device \Driver\atapi \Device\Ide\IdePort0 82F701F8

Device \Driver\atapi \Device\Ide\IdePort1 82F701F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82F701F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82F701F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 82C8D500

Device \Driver\NetBT \Device\NetbiosSmb 82C8D500

Device \Driver\NetBT \Device\NetBT_Tcpip_{A446CEE2-8ED7-4ABC-B4B3-4E7557DA36A1} 82C8D500

Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

Device \Driver\usbohci \Device\USBFDO-0 82CCF500

Device \Driver\usbohci \Device\USBFDO-1 82CCF500

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82CA5500

Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

Device \Driver\usbehci \Device\USBFDO-2 82C49500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 82CA5500

Device \Driver\Ftdisk \Device\FtControl 82FDE1F8

Device \Driver\aivx7jsz \Device\Scsi\aivx7jsz1Port2Path0Target0Lun0 82C39500

Device \Driver\aivx7jsz \Device\Scsi\aivx7jsz1 82C39500

Device \FileSystem\Cdfs \Cdfs 82BF7500

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x50 0xDC 0xEE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x74 0xB3 0x46 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xA3 0x71 0x97 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x50 0xDC 0xEE ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x74 0xB3 0x46 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xA3 0x71 0x97 ...

 

---- EOF - GMER 1.0.15 ----


Thanks for the reply. And what do you look at when I post this log? I'm asking so that next time I can find the problem myself, if there is one.

We look at what you have installed, and also at whether any malware has been left behind.


Well, it isn't that simple to explain. You look for objects that shouldn't be there. There is no definitive list, however, of which object is valid and which is not. It's a matter of experience and familiarity with many different programs.
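As an added example (not part of this thread and not code from GMER), here is a small Python parser for the SSDT, IAT and Device line formats that appear in the GMER 1.0.15 log above. It groups every hook by the module GMER attributes it to and lists separately the entries for which GMER printed only an address or raw value, which are the first ones to examine when reading such a log yourself. The sample lines are constructed in the same formats as the log above; the regular expressions are my own assumptions about GMER's output layout, not a published specification.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.15 line formats seen in the log above
# (SSDT hooks, an IAT hook GMER resolved and one it did not, Device entries, a Reg line).
SAMPLE_LOG = r"""
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA631F60]
SSDT F7B14466 ZwCreateKey
SSDT spyt.sys ZwEnumerateKey [0xF742CCA4]
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6CAC908] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\aivx7jsz.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDE1F8
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
"""

# Assumed layouts of the three hook-record kinds (not an official GMER grammar).
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
IAT_RE = re.compile(r"^IAT\s+(?P<image>\S+?)\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<target>.+)$")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<owner>.+)$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
DESC_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<desc>[^)]*)\)\s*$")

UNRESOLVED = "<unresolved>"  # GMER printed only an address/raw value, no module name


def basename(path):
    """Last component of a Windows path (\\??\\C:\\...\\x.sys -> x.sys)."""
    return path.rsplit("\\", 1)[-1]


def resolve_owner(text):
    """Map the owner/target field of a GMER line to (module, vendor_description)."""
    text = text.strip()
    # Resolved IAT targets are prefixed with the hook address in brackets.
    text = re.sub(r"^\[[0-9A-Fa-f]+\]\s*", "", text)
    if ADDR_RE.match(text):
        return UNRESOLVED, None
    desc = None
    if m := DESC_RE.match(text):
        text, desc = m.group("path"), m.group("desc")
    return basename(text), desc


def parse_gmer(log_text):
    """Group SSDT, IAT and Device entries by the module GMER attributes them to."""
    summary = defaultdict(lambda: {"vendor": None, "ssdt": [], "iat": [], "device": []})
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            module, desc = resolve_owner(m.group("owner"))
            summary[module]["ssdt"].append(m.group("func"))
        elif m := IAT_RE.match(line):
            module, desc = resolve_owner(m.group("target"))
            summary[module]["iat"].append(
                f"{basename(m.group('image'))}:{m.group('module')}!{m.group('func')}")
        elif m := DEVICE_RE.match(line):
            module, desc = resolve_owner(m.group("owner"))
            summary[module]["device"].append(m.group("device"))
        else:
            continue  # Reg lines, headers and blank lines are not hook records
        if desc:
            summary[module]["vendor"] = desc
    return dict(summary)


def hooks_without_module(summary):
    """Entries GMER could not attribute to a module: the ones to look at first."""
    entry = summary.get(UNRESOLVED, {})
    return sorted(entry.get("ssdt", []) + entry.get("iat", []) + entry.get("device", []))


if __name__ == "__main__":
    result = parse_gmer(SAMPLE_LOG)
    for module, info in sorted(result.items()):
        print(f"{module:20} vendor={info['vendor']!r} "
              f"ssdt={len(info['ssdt'])} iat={len(info['iat'])} device={len(info['device'])}")
    print("unattributed:", hooks_without_module(result))
```

Run it against a saved GMER log by replacing SAMPLE_LOG with the file contents; a module that hooks many SSDT entries but carries a known vendor description (as SandBox.sys and afwcore.sys do above) reads very differently from an unattributed address, which is the distinction the replies in this thread describe as a matter of experience.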

GMER marks problematic items in red.

Bear in mind that the program is strictly specialized: "Antirootkit",

which means that if you have, for example, a virus, it won't detect it.

http://img147.imageshack.us/img147/2502/explorerexe1final.jpg http://img147.imageshack.us/img147/5321/explorerexe3final.jpg

 

http://img201.imageshack.us/img201/8035/newproject.jpg

http://img147.imageshack.us/img147/5963/nm1aa.gif


It is a good idea to periodically check the browsers' executable files via VirusTotal. Here, for example, is the result for IE 8 / Win XP SP3 / - the path to the file is C:\Program Files\Internet Explorer https://www.virustotal.com/ru/analisis/b18a...86e6-1253083278 It is the same for the other browsers. If some program detects something, that program can be used to neutralize the threat. Regards