ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/09 18:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF779F000 Size: 19520 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7358000 Size: 188288 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2068992 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF3F5E000 Size: 138496 File Visible: - Signed: -
Status: -
Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xF7557000 Size: 57344 File Visible: - Signed: -
Status: -
Name: aswFsBlk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Address: 0xF77FF000 Size: 32768 File Visible: - Signed: -
Status: -
Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xB9B6A000 Size: 87424 File Visible: - Signed: -
Status: -
Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xB9742000 Size: 15104 File Visible: - Signed: -
Status: -
Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xF3E54000 Size: 135168 File Visible: - Signed: -
Status: -
Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF7677000 Size: 39104 File Visible: - Signed: -
Status: -
Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xBA4EC000 Size: 14336 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7310000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7AC2000 Size: 3072 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79A9000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF45DA000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7597000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF74C7000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF74B7000 Size: 36352 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7657000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_nvata.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xF3D9A000 Size: 106496 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B5000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF4044000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A90000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF786F000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76A7000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7767000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF72D6000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79A7000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7328000 Size: 125184 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D1000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF7132000 Size: 163840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF76C7000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7797000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF793F000 Size: 10368 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7577000 Size: 52096 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7587000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF3E75000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF4001000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7487000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7877000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB891E000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF710F000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72BF000 Size: 92928 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79AB000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF787F000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF460E000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7497000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB99AD000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF3E9B000 Size: 455680 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF777F000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF75F7000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF795B000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71C6000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7205000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7947000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xBA4F8000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6C01000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7617000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7687000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF3F80000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7787000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7232000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2068992 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B84000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 4497408 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF6C2C000 Size: 3959712 File Visible: - Signed: -
Status: -
Name: nvata.sys
Image Path: nvata.sys
Address: 0xF72F6000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NVENETFD.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xB91B1000 Size: 57856 File Visible: - Signed: -
Status: -
Name: nvnetbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xF75B7000 Size: 40960 File Visible: - Signed: -
Status: -
Name: NVNRM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xF6FF3000 Size: 1163264 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7347000 Size: 68736 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2068992 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF405C000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6BF0000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7747000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF717E000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF75C7000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF75D7000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF75E7000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF774F000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2068992 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF3F33000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79AD000 Size: 4224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF75A7000 Size: 58496 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB96CE000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF4080000 Size: 4534272 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7933000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7567000 Size: 64256 File Visible: - Signed: -
Status: -
Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xF71E0000 Size: 73728 File Visible: - Signed: -
Status: -
Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xF7717000 Size: 32768 File Visible: - Signed: -
Status: -
Name: sfvfs02.sys
Image Path: sfvfs02.sys
Address: 0xF71F2000 Size: 77824 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB983E000 Size: 353792 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF799D000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB992D000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF3FA8000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF773F000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7607000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6B92000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79A3000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF788F000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7627000 Size: 59520 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF7887000 Size: 17152 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF715A000 Size: 147456 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF77B7000 Size: 26368 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7777000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6C18000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74A7000 Size: 52480 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF76B7000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF77CF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB95D1000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2068992 File Visible: - Signed: -
Status: -
Please check my log. Solved
Re: Please check my log.
Does it freeze in both browsers?
Re: Please check my log.
I haven't tried the other browser. As I wrote, it only shows up for roughly the first 15 minutes after the first login. So I'll try it tomorrow morning and write what Explorer does. Thanks for now.
Re: Please check my log.
Try the other browser.
Re: Please check my log.
Explorer seems to be fine. Then I tried Mozilla; the first time it froze, so I closed everything, tried starting it again after about a minute, and it was fine. I guess I'll start using a different browser.
Re: Please check my log.
Post a log from RSIT here as well; I'll use it to clean up after the tools we used.
Download RSIT http://images.malwareremoval.com/random/RSIT.exe
- run it and click the Continue button
- after the scan, log.txt will pop up; paste its contents here
Re: Please check my log.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Josef at 2010-08-10 13:33:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 140 GB (92%) free of 153 GB
Total RAM: 447 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:29, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Josef\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\Josef.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4699 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-06-08 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-06-20 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
C:\Documents and Settings\Josef\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-09 18:25:37 ----A---- C:\root.txt
2010-08-09 13:42:09 ----SHD---- C:\RECYCLER
2010-08-08 15:03:01 ----A---- C:\ComboFix.txt
2010-08-08 11:13:55 ----RASHD---- C:\cmdcons
2010-08-08 11:09:37 ----D---- C:\WINDOWS\ERDNT
2010-08-08 09:53:01 ----D---- C:\rsit
2010-08-05 17:09:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-03 14:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-15 08:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
======List of files/folders modified in the last 1 months======
2010-08-10 13:33:22 ----D---- C:\Program Files\Trend Micro
2010-08-10 13:33:18 ----D---- C:\WINDOWS\Prefetch
2010-08-10 13:31:58 ----D---- C:\WINDOWS\Temp
2010-08-10 09:08:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-10 08:32:45 ----D---- C:\Documents and Settings\Josef\Data aplikací\ICQ
2010-08-09 22:03:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-09 18:24:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-09 18:13:12 ----D---- C:\WINDOWS
2010-08-09 13:51:24 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 15:00:53 ----A---- C:\WINDOWS\system.ini
2010-08-08 15:00:45 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-08 15:00:25 ----D---- C:\WINDOWS\system32
2010-08-08 14:58:40 ----D---- C:\WINDOWS\AppPatch
2010-08-08 14:58:39 ----D---- C:\Program Files\Common Files
2010-08-08 11:13:59 ----RASH---- C:\boot.ini
2010-08-05 17:09:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-05 17:09:31 ----SHD---- C:\WINDOWS\Installer
2010-08-05 17:09:31 ----D---- C:\Config.Msi
2010-08-05 17:09:25 ----RD---- C:\Program Files
2010-08-03 14:27:27 ----HD---- C:\WINDOWS\inf
2010-08-03 14:27:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 14:12:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 12:05:22 ----D---- C:\WINDOWS\Debug
2010-08-01 11:56:52 ----D---- C:\WINDOWS\pss
2010-08-01 11:56:52 ----A---- C:\WINDOWS\win.ini
2010-08-01 11:56:52 ----A---- C:\Boot.bak
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 09:29:55 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 22:30:09 ----D---- C:\Documents and Settings\Josef\Data aplikací\Skype
2010-07-24 21:35:29 ----D---- C:\Documents and Settings\Josef\Data aplikací\skypePM
2010-07-23 19:25:48 ----SD---- C:\WINDOWS\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 catchme;catchme; \??\C:\DOCUME~1\Josef\LOCALS~1\Temp\catchme.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MSICPL;MSICPL; \??\H:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\H:\NTACCESS.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-17 355584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
-----------------EOF-----------------
Run by Josef at 2010-08-10 13:33:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 140 GB (92%) free of 153 GB
Total RAM: 447 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:29, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Josef\Dokumenty\Stažené soubory\RSIT(2).exe
C:\Program Files\trend micro\Josef.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4699 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-06-08 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-06-20 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
C:\Documents and Settings\Josef\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-09 18:25:37 ----A---- C:\root.txt
2010-08-09 13:42:09 ----SHD---- C:\RECYCLER
2010-08-08 15:03:01 ----A---- C:\ComboFix.txt
2010-08-08 11:13:55 ----RASHD---- C:\cmdcons
2010-08-08 11:09:37 ----D---- C:\WINDOWS\ERDNT
2010-08-08 09:53:01 ----D---- C:\rsit
2010-08-05 17:09:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-03 14:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-15 08:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
======List of files/folders modified in the last 1 months======
2010-08-10 13:33:22 ----D---- C:\Program Files\Trend Micro
2010-08-10 13:33:18 ----D---- C:\WINDOWS\Prefetch
2010-08-10 13:31:58 ----D---- C:\WINDOWS\Temp
2010-08-10 09:08:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-10 08:32:45 ----D---- C:\Documents and Settings\Josef\Data aplikací\ICQ
2010-08-09 22:03:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-09 18:24:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-09 18:13:12 ----D---- C:\WINDOWS
2010-08-09 13:51:24 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 15:00:53 ----A---- C:\WINDOWS\system.ini
2010-08-08 15:00:45 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-08 15:00:25 ----D---- C:\WINDOWS\system32
2010-08-08 14:58:40 ----D---- C:\WINDOWS\AppPatch
2010-08-08 14:58:39 ----D---- C:\Program Files\Common Files
2010-08-08 11:13:59 ----RASH---- C:\boot.ini
2010-08-05 17:09:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-05 17:09:31 ----SHD---- C:\WINDOWS\Installer
2010-08-05 17:09:31 ----D---- C:\Config.Msi
2010-08-05 17:09:25 ----RD---- C:\Program Files
2010-08-03 14:27:27 ----HD---- C:\WINDOWS\inf
2010-08-03 14:27:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 14:12:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 12:05:22 ----D---- C:\WINDOWS\Debug
- jaro3
- member of the Security team
Re: Please check my log.
Download GooredFix
and save it to your desktop. Double-click it.
A prompt will appear; click YES.
A log will open; copy its entire contents here (otherwise you will find it on your desktop under the name Goored.txt).
If that does not help:
Back up your bookmarks in FF, uninstall FF and then delete these folders:
C:\Program Files\Mozilla Firefox
C:\Documents and Settings\Jméno\Data aplikací\Mozilla
C:\Documents and Settings\Jméno\Local Settings\Data aplikací\Mozilla
Download a new Mozilla FF and install it.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
I don't know whether this log is the right one. There is rather a lot of it, so I am sending it in two messages. Otherwise I will uninstall it tomorrow as you advise. Thank you for now.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 14:05:34
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\Carnie\LOCALS~1\Temp\axlcapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB8E08FC9]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB8E09E96]
SSDT F155D7C4 ZwCreateThread
SSDT F155D7D3 ZwDeleteKey
SSDT F155D7DD ZwDeleteValueKey
SSDT F155D7E2 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB8E0A1E7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB8E08F2D]
SSDT F155D7B0 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB8E09BBB]
SSDT F155D7B5 ZwOpenThread
SSDT F155D7EC ZwReplaceKey
SSDT F155D7E7 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xEB9A07B0]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB8E09FC3]
SSDT F155D7D8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF86A2994]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF77A9000, 0x1A3F84, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1428] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!WriteProcessMemory + 2 7C802215 8 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualAllocEx 7C809B12 12 Bytes JMP 5FF3D10D C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF1 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 8 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF3951F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostMessageA + 2 7E42AAFF 8 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 8 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 7 Bytes JMP 5FF3A037 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetKernelObjectSecurity + 2 77DE4E9C 6 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetFileSecurityW + 2 77DEA3E3 6 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DF0CF7 6 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 14:05:34
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\Carnie\LOCALS~1\Temp\axlcapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB8E08FC9]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB8E09E96]
SSDT F155D7C4 ZwCreateThread
SSDT F155D7D3 ZwDeleteKey
SSDT F155D7DD ZwDeleteValueKey
SSDT F155D7E2 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB8E0A1E7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB8E08F2D]
SSDT F155D7B0 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB8E09BBB]
SSDT F155D7B5 ZwOpenThread
SSDT F155D7EC ZwReplaceKey
SSDT F155D7E7 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xEB9A07B0]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB8E09FC3]
SSDT F155D7D8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF86A2994]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF77A9000, 0x1A3F84, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[300] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[776] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[812] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[884] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1080] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1140] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1428] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1608] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1616] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1784] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1924] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1972] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!WriteProcessMemory + 2 7C802215 8 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!VirtualAllocEx 7C809B12 12 Bytes JMP 5FF3D10D C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF1 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 8 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF3951F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!PostMessageA + 2 7E42AAFF 8 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 8 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 7 Bytes JMP 5FF3A037 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetKernelObjectSecurity + 2 77DE4E9C 6 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetFileSecurityW + 2 77DEA3E3 6 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DF0CF7 6 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\
Re: Please check my log.
system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetSecurityInfo + 2 77DF4DF4 6 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!InitiateSystemShutdownW + 2 77E34C53 6 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!InitiateSystemShutdownExW + 2 77E34CE7 6 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoInitializeEx + 2 774FEF7D 8 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoCreateInstanceEx + 2 77500528 8 Bytes JMP 5FF3632B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF3620F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetClassObject + 2 775156C7 8 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetInstanceFromFile + 2 775401EC 8 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 8 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!WriteProcessMemory + 2 7C802215 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetKernelObjectSecurity + 2 77DE4E9C 6 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetFileSecurityW + 2 77DEA3E3 6 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DF0CF7 6 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetSecurityInfo + 2 77DF4DF4 6 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!InitiateSystemShutdownW + 2 77E34C53 6 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!InitiateSystemShutdownExW + 2 77E34CE7 6 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostMessageA + 2 7E42AAFF 5 Bytes JMP 5FF392E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F94 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 5 Bytes JMP 5FF3A270 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoInitializeEx + 2 774FEF7D 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstanceEx + 2 77500528 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstance + 2 77500580 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetClassObject + 2 775156C7 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetInstanceFromFile + 2 775401EC 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!TerminateProcess 7C801E1A 5 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D110 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 5FF3CFF4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!OpenThread 7C82FC08 5 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!DebugActiveProcess 7C85B0FB 5 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetInstanceFromFile 775401EA 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetInstanceFromIStorage 77596914 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostMessageW 7E418CCB 8 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageW 7E41E666 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookW 7E421B8A 7 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageExW 7E423654 7 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendDlgItemMessageW 7E4273CC 9 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageW 7E4277B8 6 Bytes JMP 5FF3963B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageA 7E4277C5 2 Bytes [90, E9]
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageA + 3 7E4277C8 7 Bytes [1D, B1, E1, 90, 90, 90, 90] {SBB EAX, 0x9090e1b1; NOP ; NOP }
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageCallbackW 7E42D6DB 6 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!OpenClipboard 7E430277 6 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendDlgItemMessageA 7E43C2E7 9 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!EndTask 7E45A0A5 8 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!ExitWindowsEx 7E45A275 8 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageExA 7E46AE97 7 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageCallbackA 7E46B129 6 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D6000A
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D7000A
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AC000C
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetSecurityInfo + 2 77DF4DF4 6 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!InitiateSystemShutdownW + 2 77E34C53 6 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!InitiateSystemShutdownExW + 2 77E34CE7 6 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoInitializeEx + 2 774FEF7D 8 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoCreateInstanceEx + 2 77500528 8 Bytes JMP 5FF3632B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF3620F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetClassObject + 2 775156C7 8 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetInstanceFromFile + 2 775401EC 8 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2148] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 8 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\SearchIndexer.exe[2188] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[2724] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!WriteProcessMemory + 2 7C802215 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetKernelObjectSecurity + 2 77DE4E9C 6 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetFileSecurityW + 2 77DEA3E3 6 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA6 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DF0CF7 6 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B432 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B316 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB52 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetSecurityInfo + 2 77DF4DF4 6 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!InitiateSystemShutdownW + 2 77E34C53 6 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!InitiateSystemShutdownExW + 2 77E34CE7 6 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C182 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 3 Bytes [8B, FF, E9]
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW + 4 77E37005 3 Bytes JMP 5FF3BBFA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD12 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA36 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BE C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66A C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B786 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!PostMessageA + 2 7E42AAFF 5 Bytes JMP 5FF392E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F94 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 5 Bytes JMP 5FF3A270 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoInitializeEx + 2 774FEF7D 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstanceEx + 2 77500528 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstance + 2 77500580 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetClassObject + 2 775156C7 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetInstanceFromFile + 2 775401EC 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[2916] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!TerminateProcess 7C801E1A 5 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D110 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 5FF3CFF4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!OpenThread 7C82FC08 5 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] kernel32.dll!DebugActiveProcess 7C85B0FB 5 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetInstanceFromFile 775401EA 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] ole32.dll!CoGetInstanceFromIStorage 77596914 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostMessageW 7E418CCB 8 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageW 7E41E666 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookW 7E421B8A 7 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageExW 7E423654 7 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendDlgItemMessageW 7E4273CC 9 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageW 7E4277B8 6 Bytes JMP 5FF3963B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageA 7E4277C5 2 Bytes [90, E9]
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostThreadMessageA + 3 7E4277C8 7 Bytes [1D, B1, E1, 90, 90, 90, 90] {SBB EAX, 0x9090e1b1; NOP ; NOP }
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageCallbackW 7E42D6DB 6 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!OpenClipboard 7E430277 6 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendDlgItemMessageA 7E43C2E7 9 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!EndTask 7E45A0A5 8 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!ExitWindowsEx 7E45A275 8 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessageExA 7E46AE97 7 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\Carnie\Desktop\GMER.exe[3020] USER32.dll!SendMessageCallbackA 7E46B129 6 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\dllhost.exe[3176] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[3700] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\msdtc.exe[3728] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D6000A
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D7000A
.text C:\WINDOWS\Explorer.EXE[3904] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AC000C
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll
Re: Please check my log.
So in the end there are three messages. I'm sending the last part of the log.
(User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!PostMessageW 7E418CCB 8 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!BroadcastSystemMessageW 7E41E666 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SetWindowsHookW 7E421B8A 7 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!BroadcastSystemMessageExW 7E423654 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendDlgItemMessageW 7E4273CC 9 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!PostThreadMessageW 7E4277B8 6 Bytes JMP 5FF3963B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!PostThreadMessageA 7E4277C5 2 Bytes [90, E9]
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!PostThreadMessageA + 3 7E4277C8 7 Bytes [1D, B1, E1, 90, 90, 90, 90] {SBB EAX, 0x9090e1b1; NOP ; NOP }
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageCallbackW 7E42D6DB 6 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!OpenClipboard 7E430277 6 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendDlgItemMessageA 7E43C2E7 9 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!EndTask 7E45A0A5 8 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!ExitWindowsEx 7E45A275 8 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!BroadcastSystemMessageExA 7E46AE97 5 Bytes JMP 5FF3A270 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] USER32.dll!SendMessageCallbackA 7E46B129 6 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoGetInstanceFromFile 775401EA 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] ole32.dll!CoGetInstanceFromIStorage 77596914 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\Explorer.EXE[3904] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82ECBEC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{E192D44E-423B-48B2-A8CF-89D04AB9E170}?Tcpip\Parameters\Interfaces\{DA54B37E-45A3-4BFB-BAB3-EBF83B8FD759}?
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{215F9383-9C91-4309-949A-BEBDB5834543}@LLInterface
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{215F9383-9C91-4309-949A-BEBDB5834543}@IpConfig Tcpip\Parameters\Interfaces\{215F9383-9C91-4309-949A-BEBDB5834543}?
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{429BEF82-BB37-4517-AD5F-CF8C50EF602C}@LLInterface
Reg HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{429BEF82-BB37-4517-AD5F-CF8C50EF602C}@IpConfig
- jaro3
- member of the Security team
Re: Please check my log.
Tomorrow, try posting a log from GooredFix and uninstall Mozilla.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support