Page 5 of 9 FirstFirst 123456789 LastLast
Results 41 to 50 of 89

Thread: Please Help !!!!!

  1. 2007-10-16, 09:33 #41
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    Logfile of HijackThis v1.99.1
    Scan saved at 14:37:11, on 16/10/2550
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SmartAdviser\EZAD\svchost.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\ViOrb\ViOrb.exe
    C:\Program Files\ViStart\ViStart.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  2. 2007-10-16, 09:40 #42
    Shaba
    Shaba is offline
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    I have to say that your situation doesn't look good.

    Some rootkits files have come back.

    We can of course continue cleaning process if you like.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
  3. 2007-10-16, 09:50 #43
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    OH.. How bad is it . If i continue cleaning it's will cause everything worse
  4. 2007-10-16, 15:17 #44
    Shaba
    Shaba is offline
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    No but I can't guarantee that we get you clean.

    If you like to continue, we must do further research.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
  5. 2007-10-16, 15:39 #45
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    I would like 2 continue cleanning . Thank You For Your Help Very Very Much
  6. 2007-10-16, 15:41 #46
    Shaba
    Shaba is offline
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    * Download GMER from
    here:
    Unzip it and start GMER.exe
    Click the rootkit-tab and click scan.

    Once done, click the Copy button.
    This will copy the results to clipboard.
    Paste the results in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
  7. 2007-10-16, 16:47 #47
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-10-16 21:49:19
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT d347bus.sys ZwClose
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile
    SSDT d347bus.sys ZwCreateKey
    SSDT d347bus.sys ZwCreatePagingFile
    SSDT d347bus.sys ZwEnumerateKey
    SSDT d347bus.sys ZwEnumerateValueKey
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile
    SSDT d347bus.sys ZwOpenKey
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess
    SSDT d347bus.sys ZwQueryKey
    SSDT d347bus.sys ZwQueryValueKey
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile
    SSDT d347bus.sys ZwSetSystemPowerState

    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
    Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.13 ----

    .text ntoskrnl.exe!ZwYieldExecution 80509014 7 Bytes JMP B8DD988E \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 805793A1 7 Bytes JMP B8DD9864 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!NtCreateFile 8057D3C4 5 Bytes JMP B8DD9850 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057E2A3 5 Bytes JMP B8DD98BA \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!NtMapViewOfSection 8057E71B 7 Bytes JMP B8DD98A4 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwSetValueKey 8057FF13 7 Bytes JMP B8DD9826 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058C399 5 Bytes JMP B8DD983C \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwDeleteValueKey 805969F3 7 Bytes JMP B8DD9810 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwDeleteKey 80598177 7 Bytes JMP B8DD97E4 \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwCreateProcess 805C0BF0 5 Bytes JMP B8DD987A \SystemRoot\system32\drivers\mfehidk.sys
    PAGE ntoskrnl.exe!ZwRenameKey 8065410B 7 Bytes JMP B8DD97FA \SystemRoot\system32\drivers\mfehidk.sys

    ---- User code sections - GMER 1.0.13 ----

    .text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A80FE5
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A80F77
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A80F92
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A8006C
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A80FAF
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A80051
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A800C9
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A800A2
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A80F55
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A80F66
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00A80109
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00A80FCA
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00A8000A
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00A80091
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00A8002C
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00A8001B
    .text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00A800E4
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A70FDE
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A70F8D
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A70FEF
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A70025
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A70FA8
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A70FC3
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A7000A
    .text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A7004A
    .text C:\Program Files\MSN Messenger\usnsvc.exe[504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00650429
    .text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004B0429
    .text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!connect 71AB406A 5 Bytes JMP 004B0536
    .text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!send 71AB428A 5 Bytes JMP 004B05E0
    .text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 004B0553
    .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005B0429
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70F68
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F7005D
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70040
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70F8D
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F70FA8
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F7007A
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F70F32
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!
  8. 2007-10-16, 16:48 #48
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    CreateProcessW 7C802332 5 Bytes JMP 00F700BA
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F7009F
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00F700CB
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00F7002F
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00F7000A
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00F70F4D
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00F70FB9
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00F70FD4
    .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00F70F17
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F6002C
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F6007A
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F6001B
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F60000
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F60069
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F60058
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F60FE5
    .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F60047
    .text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F30FEF
    .text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!connect 71AB406A 5 Bytes JMP 005B0536
    .text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!send 71AB428A 5 Bytes JMP 005B05E0
    .text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 005B0553
    .text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00F40FEF
    .text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00F40FDE
    .text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00F40FC3
    .text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00F40FB2
    .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB0000
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB00BC
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB00A1
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB0084
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0073
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0047
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB0F8F
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB00D7
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB00E8
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB0F4F
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00EB0F3E
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00EB0058
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00EB0011
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00EB0FAC
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00EB0036
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00EB0FE5
    .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00EB0F6A
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DF0FD4
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DF006C
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DF0FE5
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DF001B
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DF0051
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DF0040
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DF000A
    .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DF0FB9
    .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DC0FE5
    .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!send
    71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00DD0FEF
    .text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00DD0FDE
    .text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00DD000A
    .text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00DD001B
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B30FE5
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30062
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30F6D
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30047
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B30F94
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B30FAF
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B30089
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F41
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F26
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B300B5
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00B30F01
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00B30036
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B30000
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00B30F52
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00B3001B
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00B30FCA
    .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00B300A4
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B20040
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B200AC
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B2002F
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B20FEF
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B2009B
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B20076
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B2000A
    .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B20065
  9. 2007-10-16, 16:49 #49
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    .text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AF0000
    .text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00B00000
    .text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00B00FDB
    .text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00B00FCA
    .text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00B00025
    .text C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CB0FEF
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CB0F66
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CB0F77
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CB0051
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CB0036
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CB0025
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CB009D
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CB0F55
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CB00C2
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CB0F29
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00CB0F0E
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00CB0F9E
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00CB0FDE
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00CB0076
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00CB0FB9
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00CB0014
    .text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00CB0F44
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CA0FE5
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CA006C
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CA0036
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CA001B
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CA0FAF
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CA0051
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CA000A
    .text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CA0FCA
    .text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C7000A
    .text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00C80FEF
    .text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00C80014
    .text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00C80025
    .text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00C80FD4
    .text C:\Program Files\Windows Defender\MsMpEng.exe[940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00580429
    .text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00580536
    .text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!send 71AB428A 5 Bytes JMP 005805E0
    .text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00580553
    .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01EF0000
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01EF0F52
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01EF0F6D
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01EF0051
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01EF0F94
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01EF0036
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01EF007F
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01EF0F37
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01EF009A
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01EF0F0B
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 01EF00AB
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 01EF0FAF
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01EF0011
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 01EF0062
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 01EF0FC0
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 01EF0FDB
    .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 01EF0F1C
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01EE0022
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01EE0047
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01EE0011
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01EE0000
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01EE0F8A
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01EE0F9B
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01EE0FEF
    .text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01EE0FB6
    .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CF000A
    .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01D00FEF
    .text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01D00FD4
    .text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01D00014
    .text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01D00FC3
    .text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD0F7C
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD007B
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD0F97
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD004A
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0FB2
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD00A9
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD0098
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD0F32
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD00CB
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00AD00E6
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00AD0039
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00AD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00AD0F61
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00AD0FC3
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00AD0FDE
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00AD00BA
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC0036
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC0F83
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC001B
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0F94
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0FAF
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0FC0
    .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A90FEF
    .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00AA0FEF
    .text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00AA0FD4
    .text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00AA0FC3
    .text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenUrlW
  10. 2007-10-16, 16:50 #50
    nishikamae
    nishikamae is offline
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    77215A51 5 Bytes JMP 00AA0FA8
    .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B60F4E
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B60F5F
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B60F7C
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B60F8D
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B60FB9
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B60F2C
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B60F3D
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B600AA
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B60099
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00B600BB
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00B60FA8
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B60FE5
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes J
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00B60025
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00B60FD4
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00B60F1B
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A40036
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A4008E
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A4001B
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A4000A
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A4007D
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A4006C
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A40FEF
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A40051
    .text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10000
    .text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
    .text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
    .text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
    .text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00A20FEF
    .text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00A20FD4
    .text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00A20FC3
    .text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00A20FA8
    .text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00930429
    .text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00930536
    .text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!send 71AB428A 5 Bytes JMP 009305E0
    .text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00930553
    .text C:\Documents and Settings\user\Desktop\gmer.exe[1344] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A00429
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250F74
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250073
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250062
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F43
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250095
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 002500D2
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002500B7
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00250F28
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00250051
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00250014
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00250084
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00250040
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 0025002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 002500A6
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00340FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0034006C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0034002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0034001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00340051
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00340FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00340000
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00340FC0
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamW 77D5737A 5 Bytes JMP 00C55415 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamW 77D6204B 5 Bytes JMP 00DEC510 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectA 77D6A062 5 Bytes JMP 00DEC491 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamA 77D6B124 5 Bytes JMP 00DEC4D5 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExW 77D80540 5 Bytes JMP 00DEC3D9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExA 77D80564 5 Bytes JMP 00DEC413 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamA 77D86CB5 5 Bytes JMP 00DEC54B C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectW 77D9609B 5 Bytes JMP 00DEC44D C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01F10000
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01F10FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01F10FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01F10FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 024E0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!connect 71AB406A 5 Bytes JMP 003C0536
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!send 71AB428A 5 Bytes JMP 003C05E0
    .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003C0553
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00680429
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00680536
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!send 71AB428A 5 Bytes JMP 006805E0
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00680553 MP 00B6005E
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules