[ mokus-mokus @ 30.01.2011. 11:22 ] @
Hi everyone, a friend of mine slipped me some keylogger. While he was building the file, he had the option to tick whether he wants to disable the victim's right mouse click; he ticked it and gave it to me, i.e. "slipped" it to me, and now I can't use right-click anymore!
The keylogger in question is The Smoke Keylogger....
I've tried various programs, but none of them worked..
What should I do?

PS: no stupid comments.. I've already made a fool of myself :/
[ goran9888 @ 30.01.2011. 15:56 ] @
I assume you can "kill" it from Task Manager.

Download DDS to the Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Run dds by double-clicking it; when it finishes, two logs will open:
1. DDS.txt
2. Attach.txt
Save both reports to the Desktop and attach them in your next post.
[ mokus-mokus @ 31.01.2011. 08:24 ] @
DDS:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 9:24:46,70 on pon 31.01.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.327 [GMT 1:00]


============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
D:\WINDOWS\system32\svchost -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\FsUsbExService.Exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Eltima Software\USB to Ethernet Connector\UsbService.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\System32\alg.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Owner\My Documents\Downloads\dds.com
D:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
uStart Page = hxxp://www.google.rs/
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "d:\program files\msn messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "d:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [IObit Security 360] "d:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [NPSStartup]
mRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewContextMenu = 1 (0x1)
uPolicies-system: DisableRegistryTools = 0
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~4\office11\EXCEL.EXE/3000
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\owner\applic~1\mozilla\firefox\profiles\33y3rklc.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/en/index.php?rvs=google
FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/en/index.php?rvs=google
FF - plugin: d:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - d:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: KeyScrambler: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;d:\windows\system32\drivers\mv61xx.sys [2009-4-20 151592]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 FsUsbExService;FsUsbExService;d:\windows\system32\FsUsbExService.Exe [2011-1-8 233472]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2010-8-13 312152]
R2 UsbService;Eltima Usb to Ethernet Connector;d:\program files\eltima software\usb to ethernet connector\UsbService.exe [2011-1-8 2349640]
R3 ELTIMA_USB_HUB_FILTER;Eltima usb hub filter;d:\program files\eltima software\usb to ethernet connector\drv\nt5\fusbhub.sys [2011-1-8 56136]
R3 eustub;Usb Stub (Eltima software);d:\windows\system32\drivers\eusbstub.sys [2011-1-8 12488]
R3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [2011-1-8 36608]
R3 vuhub;Virtual Usb Hub;d:\windows\system32\drivers\vuhub.sys [2011-1-8 51400]
S0 TfFsMon;TfFsMon;d:\windows\system32\drivers\tffsmon.sys --> d:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;d:\windows\system32\drivers\tfsysmon.sys --> d:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-1-18 136176]
S3 MBAMSwissArmy;MBAMSwissArmy; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);d:\windows\system32\drivers\ss_bbus.sys [2011-1-8 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);d:\windows\system32\drivers\ss_bmdfl.sys [2011-1-8 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;d:\windows\system32\drivers\ss_bmdm.sys [2011-1-8 121856]
S3 TfNetMon;TfNetMon;\??\d:\windows\system32\drivers\tfnetmon.sys --> d:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2011-01-30 12:37:22 -------- d-----w- d:\docume~1\owner\locals~1\applic~1\Adobe
2011-01-29 18:18:21 -------- d-----w- d:\docume~1\owner\locals~1\applic~1\Adobe-BackupByPhotoshopPortable
2011-01-29 18:18:21 -------- d-----w- d:\docume~1\alluse~1\applic~1\Adobe-BackupByPhotoshopPortable
2011-01-29 18:18:20 -------- d-----w- d:\docume~1\owner\applic~1\Adobe-BackupByPhotoshopPortable
2011-01-28 12:11:18 -------- d-----w- D:\PhotoShop CS4
2011-01-24 19:02:42 -------- d-----w- D:\25 to life
2011-01-20 17:01:22 -------- d-----w- d:\program files\NJ Soft
2011-01-15 12:29:18 -------- d-----w- D:\World of Warcraft
2011-01-12 12:45:15 -------- d-----w- d:\docume~1\owner\locals~1\applic~1\ESET
2011-01-12 11:30:55 253952 ------w- d:\windows\system32\dllcache\odbc32.dll
2011-01-12 11:30:55 200704 ------w- d:\windows\system32\dllcache\msadox.dll
2011-01-12 11:30:55 180224 ------w- d:\windows\system32\dllcache\msadomd.dll
2011-01-12 11:30:55 143360 ------w- d:\windows\system32\dllcache\msadco.dll
2011-01-12 11:30:55 102400 ------w- d:\windows\system32\dllcache\msjro.dll
2011-01-11 21:36:53 -------- dc-h--w- d:\docume~1\alluse~1\applic~1\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-11 21:36:49 -------- d-----w- d:\program files\Uniblue
2011-01-09 11:03:53 -------- d-----w- D:\Marijana
2011-01-09 09:25:29 22328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-01-09 09:25:29 22328 ----a-w- d:\docume~1\owner\applic~1\PnkBstrK.sys
2011-01-09 09:25:13 103736 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-01-09 09:25:12 66872 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-01-09 09:25:12 -------- d-----w- d:\windows\system32\LogFiles
2011-01-09 09:14:09 -------- d-sh--w- d:\windows\ftpcache
2011-01-08 18:19:31 -------- d-----w- d:\docume~1\alluse~1\applic~1\AutoUpdate
2011-01-08 18:18:57 12488 ----a-w- d:\windows\system32\drivers\eusbstub.sys
2011-01-08 18:18:52 51400 ----a-w- d:\windows\system32\drivers\vuhub.sys
2011-01-08 18:18:50 -------- d-----w- d:\program files\Eltima Software
2011-01-08 17:38:29 90624 ----a-w- d:\windows\system32\nmwcdcls.dll
2011-01-08 17:38:02 90112 ----a-w- d:\windows\system32\drivers\ss_bbus.sys
2011-01-08 17:38:02 14976 ----a-w- d:\windows\system32\drivers\ss_bmdfl.sys
2011-01-08 17:38:02 121856 ----a-w- d:\windows\system32\drivers\ss_bmdm.sys
2011-01-08 17:38:02 12160 ----a-w- d:\windows\system32\drivers\ss_bwhnt.sys
2011-01-08 17:38:02 12160 ----a-w- d:\windows\system32\drivers\ss_bwh.sys
2011-01-08 17:38:02 12160 ----a-w- d:\windows\system32\drivers\ss_bcmnt.sys
2011-01-08 17:38:02 12160 ----a-w- d:\windows\system32\drivers\ss_bcm.sys
2011-01-08 17:37:56 -------- d-----w- d:\windows\system32\Samsung_USB_Drivers
2011-01-08 17:37:49 36608 ----a-w- d:\windows\system32\FsUsbExDisk.Sys
2011-01-08 17:37:49 233472 ----a-w- d:\windows\system32\FsUsbExService.Exe
2011-01-08 17:37:49 110592 ----a-w- d:\windows\system32\FsUsbExDevice.Dll
2011-01-08 17:37:39 -------- d-----w- d:\docume~1\owner\applic~1\Samsung
2011-01-08 17:37:18 -------- d-----w- d:\program files\MarkAny
2011-01-08 17:37:16 -------- d-----w- d:\program files\PC Connectivity Solution
2011-01-08 17:36:59 -------- d-----w- d:\program files\Samsung
2011-01-05 14:54:00 -------- d-----w- d:\docume~1\alluse~1\applic~1\Trymedia
2011-01-05 14:51:47 -------- d-----w- d:\program files\RealArcade
2011-01-05 12:52:39 -------- d-----w- d:\docume~1\owner\applic~1\Uniblue
2011-01-05 12:52:20 -------- d-----w- d:\docume~1\owner\locals~1\applic~1\PackageAware
2011-01-04 23:17:09 -------- d-----w- d:\documents and settings\all users\Keylogger Detector
2011-01-04 16:42:35 -------- d-----w- d:\program files\Trymedia
2011-01-03 16:54:19 -------- d-----w- d:\docume~1\alluse~1\applic~1\PopCap Games
2011-01-03 16:50:54 -------- d-----w- d:\program files\PopCap Games
2011-01-03 14:41:18 -------- d-----w- d:\program files\common files\Adobe-BackupByPhotoshopPortable

==================== Find3M ====================

2010-12-03 16:49:00 108144 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-11-18 18:12:44 81920 ----a-w- d:\windows\system32\isign32.dll
2010-11-09 14:50:47 253952 ----a-w- d:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- d:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- d:\windows\system32\html.iec

============= FINISH: 9:25:17,81 ===============





Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25.5.2010 14:16:47
System Uptime: 31.1.2011 8:54:07 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7235
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | CPU 1 | 1599/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 3,764 GiB free.
D: is FIXED (NTFS) - 120 GiB total, 85,816 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F50&SUBSYS_205F14F1&REV_01\4&1FAF5EA3&0&00F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F50&SUBSYS_205F14F1&REV_01\4&1FAF5EA3&0&00F0
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microcode Update Device
Device ID: ROOT\SYSTEM\0001
Manufacturer: (Standard system devices)
Name: Microcode Update Device
PNP Device ID: ROOT\SYSTEM\0001
Service: update

==== System Restore Points ===================

RP154: 30.10.2010 8:25:09 - Software Distribution Service 3.0
RP155: 30.10.2010 15:24:47 - Software Distribution Service 3.0
RP156: 30.10.2010 22:36:55 - Software Distribution Service 3.0
RP157: 31.10.2010 19:09:10 - Software Distribution Service 3.0
RP158: 31.10.2010 22:06:02 - Software Distribution Service 3.0
RP159: 1.11.2010 20:51:07 - Software Distribution Service 3.0
RP160: 2.11.2010 6:52:46 - Software Distribution Service 3.0
RP161: 2.11.2010 15:03:04 - Software Distribution Service 3.0
RP162: 2.11.2010 21:29:57 - Software Distribution Service 3.0
RP163: 3.11.2010 15:20:37 - Software Distribution Service 3.0
RP164: 3.11.2010 22:06:44 - Software Distribution Service 3.0
RP165: 4.11.2010 19:16:37 - Software Distribution Service 3.0
RP166: 5.11.2010 6:59:24 - Software Distribution Service 3.0
RP167: 5.11.2010 7:18:52 - Software Distribution Service 3.0
RP168: 6.11.2010 8:52:48 - Software Distribution Service 3.0
RP169: 6.11.2010 10:33:26 - Installed ACDSee Photo Manager 2009.
RP170: 6.11.2010 13:03:44 - Software Distribution Service 3.0
RP171: 6.11.2010 20:58:17 - Removed ACDSee Photo Manager 2009.
RP172: 6.11.2010 21:17:41 - Removed The Godfather™ II
RP173: 7.11.2010 7:05:10 - Software Distribution Service 3.0
RP174: 7.11.2010 9:41:18 - Software Distribution Service 3.0
RP175: 8.11.2010 8:15:18 - Software Distribution Service 3.0
RP176: 8.11.2010 9:53:22 - Software Distribution Service 3.0
RP177: 8.11.2010 22:30:35 - Software Distribution Service 3.0
RP178: 9.11.2010 9:12:45 - Software Distribution Service 3.0
RP179: 10.11.2010 8:38:42 - Software Distribution Service 3.0
RP180: 11.11.2010 9:50:16 - Software Distribution Service 3.0
RP181: 11.11.2010 22:27:52 - Software Distribution Service 3.0
RP182: 12.11.2010 11:26:39 - Software Distribution Service 3.0
RP183: 13.11.2010 10:02:36 - Software Distribution Service 3.0
RP184: 13.11.2010 21:01:10 - Software Distribution Service 3.0
RP185: 14.11.2010 11:56:04 - Software Distribution Service 3.0
RP186: 14.11.2010 12:01:22 - Removed Skype™ 4.2
RP187: 14.11.2010 12:01:48 - Removed Opera 10.62.
RP188: 14.11.2010 12:20:53 - Software Distribution Service 3.0
RP189: 14.11.2010 13:26:25 - Software Distribution Service 3.0
RP190: 14.11.2010 21:28:17 - Software Distribution Service 3.0
RP191: 15.11.2010 16:06:28 - Software Distribution Service 3.0
RP192: 15.11.2010 20:31:35 - Software Distribution Service 3.0
RP193: 16.11.2010 14:55:16 - Software Distribution Service 3.0
RP194: 17.11.2010 13:12:09 - Software Distribution Service 3.0
RP195: 17.11.2010 18:34:24 - Software Distribution Service 3.0
RP196: 18.11.2010 14:00:52 - Software Distribution Service 3.0
RP197: 18.11.2010 15:57:06 - Software Distribution Service 3.0
RP198: 18.11.2010 19:02:40 - Software Distribution Service 3.0
RP199: 18.11.2010 20:25:05 - Installed Windows Movie Maker 2.0
RP200: 18.11.2010 20:25:31 - Installed Windows Movie Maker 2.0
RP201: 18.11.2010 22:00:05 - Software Distribution Service 3.0
RP202: 19.11.2010 22:08:53 - Software Distribution Service 3.0
RP203: 20.11.2010 11:02:27 - Software Distribution Service 3.0
RP204: 20.11.2010 22:14:28 - Software Distribution Service 3.0
RP205: 21.11.2010 7:35:44 - Software Distribution Service 3.0
RP206: 21.11.2010 9:47:03 - Software Distribution Service 3.0
RP207: 21.11.2010 13:29:44 - Software Distribution Service 3.0
RP208: 21.11.2010 21:21:47 - Software Distribution Service 3.0
RP209: 22.11.2010 22:56:19 - Software Distribution Service 3.0
RP210: 23.11.2010 9:35:32 - Installed TMNT
RP211: 23.11.2010 10:59:26 - Software Distribution Service 3.0
RP212: 23.11.2010 13:01:51 - Software Distribution Service 3.0
RP213: 23.11.2010 19:01:56 - Software Distribution Service 3.0
RP214: 23.11.2010 22:41:59 - Software Distribution Service 3.0
RP215: 24.11.2010 12:04:22 - Installed Yu-Gi-Oh! ONLINE 3.
RP216: 24.11.2010 22:10:25 - Software Distribution Service 3.0
RP217: 25.11.2010 10:52:57 - Software Distribution Service 3.0
RP218: 25.11.2010 12:22:55 - Software Distribution Service 3.0
RP219: 25.11.2010 16:33:08 - Software Distribution Service 3.0
RP220: 25.11.2010 22:05:34 - Software Distribution Service 3.0
RP221: 26.11.2010 12:24:36 - Software Distribution Service 3.0
RP222: 26.11.2010 22:22:46 - Software Distribution Service 3.0
RP223: 27.11.2010 20:18:28 - Software Distribution Service 3.0
RP224: 27.11.2010 21:11:39 - Software Distribution Service 3.0
RP225: 27.11.2010 23:19:39 - Software Distribution Service 3.0
RP226: 28.11.2010 20:55:33 - Software Distribution Service 3.0
RP227: 30.11.2010 13:04:05 - Software Distribution Service 3.0
RP228: 30.11.2010 13:12:18 - Software Distribution Service 3.0
RP229: 30.11.2010 18:40:49 - Software Distribution Service 3.0
RP230: 30.11.2010 21:14:10 - Software Distribution Service 3.0
RP231: 1.12.2010 21:16:05 - System Checkpoint
RP232: 1.12.2010 22:30:01 - Software Distribution Service 3.0
RP233: 2.12.2010 7:21:35 - Software Distribution Service 3.0
RP234: 2.12.2010 21:53:05 - Software Distribution Service 3.0
RP235: 3.12.2010 7:14:51 - Software Distribution Service 3.0
RP236: 3.12.2010 13:09:37 - Software Distribution Service 3.0
RP237: 3.12.2010 15:59:05 - Software Distribution Service 3.0
RP238: 3.12.2010 17:03:12 - Removed Yu-Gi-Oh! ONLINE 3.
RP239: 3.12.2010 17:37:55 - Installed Driver: Parallel Lines
RP240: 3.12.2010 17:45:03 - Installed DirectX
RP241: 4.12.2010 7:40:34 - Software Distribution Service 3.0
RP242: 4.12.2010 11:57:09 - Software Distribution Service 3.0
RP243: 4.12.2010 22:12:04 - Software Distribution Service 3.0
RP244: 4.12.2010 22:37:43 - Software Distribution Service 3.0
RP245: 6.12.2010 8:37:43 - Software Distribution Service 3.0
RP246: 6.12.2010 10:06:42 - Software Distribution Service 3.0
RP247: 6.12.2010 23:13:53 - Software Distribution Service 3.0
RP248: 7.12.2010 11:57:01 - Software Distribution Service 3.0
RP249: 7.12.2010 13:12:07 - Software Distribution Service 3.0
RP250: 7.12.2010 22:55:29 - Software Distribution Service 3.0
RP251: 8.12.2010 12:59:47 - Software Distribution Service 3.0
RP252: 8.12.2010 22:12:08 - Software Distribution Service 3.0
RP253: 9.12.2010 11:20:50 - Software Distribution Service 3.0
RP254: 9.12.2010 22:37:15 - Software Distribution Service 3.0
RP255: 10.12.2010 12:20:48 - Software Distribution Service 3.0
RP256: 10.12.2010 13:07:41 - Software Distribution Service 3.0
RP257: 10.12.2010 22:34:02 - Software Distribution Service 3.0
RP258: 11.12.2010 21:48:09 - Software Distribution Service 3.0
RP259: 11.12.2010 22:56:33 - Software Distribution Service 3.0
RP260: 13.12.2010 13:13:09 - Software Distribution Service 3.0
RP261: 13.12.2010 20:11:55 - Software Distribution Service 3.0
RP262: 14.12.2010 16:06:55 - Software Distribution Service 3.0
RP263: 14.12.2010 21:23:42 - Software Distribution Service 3.0
RP264: 15.12.2010 22:19:21 - Software Distribution Service 3.0
RP265: 16.12.2010 19:55:27 - Software Distribution Service 3.0
RP266: 17.12.2010 17:11:17 - Removed Driver: Parallel Lines
RP267: 17.12.2010 21:12:59 - Software Distribution Service 3.0
RP268: 17.12.2010 22:09:08 - Software Distribution Service 3.0
RP269: 18.12.2010 20:29:14 - Installed DirectX
RP270: 18.12.2010 21:32:01 - Software Distribution Service 3.0
RP271: 19.12.2010 21:25:09 - Software Distribution Service 3.0
RP272: 20.12.2010 22:37:25 - System Checkpoint
RP273: 20.12.2010 22:39:06 - Software Distribution Service 3.0
RP274: 21.12.2010 11:37:56 - Software Distribution Service 3.0
RP275: 21.12.2010 23:32:53 - Software Distribution Service 3.0
RP276: 22.12.2010 10:08:40 - Software Distribution Service 3.0
RP277: 22.12.2010 12:58:29 - Software Distribution Service 3.0
RP278: 22.12.2010 23:11:17 - Software Distribution Service 3.0
RP279: 23.12.2010 21:01:14 - Software Distribution Service 3.0
RP280: 24.12.2010 9:15:04 - Software Distribution Service 3.0
RP281: 24.12.2010 21:04:41 - Software Distribution Service 3.0
RP282: 24.12.2010 23:39:36 - Software Distribution Service 3.0
RP283: 25.12.2010 15:44:52 - Software Distribution Service 3.0
RP284: 26.12.2010 0:32:18 - Software Distribution Service 3.0
RP285: 26.12.2010 21:58:48 - Software Distribution Service 3.0
RP286: 28.12.2010 10:24:12 - Software Distribution Service 3.0
RP287: 28.12.2010 15:49:18 - Installed Nero 7
RP288: 28.12.2010 23:00:50 - Software Distribution Service 3.0
RP289: 29.12.2010 21:00:17 - Software Distribution Service 3.0
RP290: 30.12.2010 12:40:04 - Software Distribution Service 3.0
RP291: 31.12.2010 10:06:50 - Software Distribution Service 3.0
RP292: 1.1.2011 1:01:38 - Software Distribution Service 3.0
RP293: 1.1.2011 17:10:27 - Installed WinZip 15.0
RP294: 1.1.2011 23:16:00 - Software Distribution Service 3.0
RP295: 3.1.2011 0:07:53 - Software Distribution Service 3.0
RP296: 3.1.2011 15:41:15 - Installed Adobe Reader X.
RP297: 3.1.2011 22:15:52 - Software Distribution Service 3.0
RP298: 4.1.2011 17:23:53 - Removed WinZip 15.0
RP299: 4.1.2011 19:48:17 - Removed Nero 7 Premium
RP300: 5.1.2011 0:40:17 - Spyware Terminator - restore point
RP301: 5.1.2011 12:01:03 - Software Distribution Service 3.0
RP302: 5.1.2011 13:38:03 - Spyware Terminator - restore point
RP303: 6.1.2011 3:00:14 - Software Distribution Service 3.0
RP304: 7.1.2011 3:00:17 - Software Distribution Service 3.0
RP305: 8.1.2011 13:16:35 - Software Distribution Service 3.0
RP306: 8.1.2011 18:36:43 - Installed Samsung New PC Studio
RP307: 8.1.2011 18:39:17 - Installed Samsung New PC Studio USB Driver Installer
RP308: 9.1.2011 1:08:53 - Software Distribution Service 3.0
RP309: 9.1.2011 10:14:44 - Installed Call of Duty(R) 4 - Modern Warfare(TM)
RP310: 9.1.2011 10:29:56 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
RP311: 9.1.2011 10:32:12 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
RP312: 10.1.2011 11:08:13 - Software Distribution Service 3.0
RP313: 10.1.2011 16:53:10 - Removed Call of Duty(R) 4 - Modern Warfare(TM)
RP314: 11.1.2011 1:11:41 - Software Distribution Service 3.0
RP315: 11.1.2011 23:22:21 - Software Distribution Service 3.0
RP316: 12.1.2011 13:35:57 - Installed ESET NOD32 Antivirus
RP317: 13.1.2011 0:12:43 - Software Distribution Service 3.0
RP318: 14.1.2011 10:41:41 - Software Distribution Service 3.0
RP319: 14.1.2011 23:55:18 - Software Distribution Service 3.0
RP320: 15.1.2011 23:13:29 - Software Distribution Service 3.0
RP321: 16.1.2011 22:58:26 - Software Distribution Service 3.0
RP322: 17.1.2011 22:48:49 - Software Distribution Service 3.0
RP323: 19.1.2011 0:30:03 - Software Distribution Service 3.0
RP324: 20.1.2011 9:33:07 - Software Distribution Service 3.0
RP325: 21.1.2011 0:10:17 - Software Distribution Service 3.0
RP326: 22.1.2011 11:52:22 - Software Distribution Service 3.0
RP327: 22.1.2011 22:46:10 - Software Distribution Service 3.0
RP328: 23.1.2011 22:05:37 - Software Distribution Service 3.0
RP329: 24.1.2011 14:07:42 - Software Distribution Service 3.0
RP330: 24.1.2011 21:44:33 - Software Distribution Service 3.0
RP331: 26.1.2011 13:08:38 - Software Distribution Service 3.0
RP332: 26.1.2011 22:30:26 - Software Distribution Service 3.0
RP333: 28.1.2011 8:50:28 - Software Distribution Service 3.0
RP334: 28.1.2011 22:39:33 - Software Distribution Service 3.0
RP335: 29.1.2011 23:10:52 - Software Distribution Service 3.0
RP336: 31.1.2011 8:56:42 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader X
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Google Chrome
Google Update Helper
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IObit Security 360
Java Auto Updater
Java(TM) 6 Update 22
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (3.6.8)
MSN Messenger 7.0
MSXML 4.0 SP3 Parser
muvee autoProducer 3.5 magicMoments
neroxml
NVIDIA Drivers
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.0
Uniblue RegistryBooster
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB to Ethernet Connector 4.0 (Build 4.0.0.574)
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

31.1.2011 8:56:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
30.1.2011 15:49:50, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ThreatFire service to connect.
30.1.2011 15:49:50, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30.1.2011 15:49:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
30.1.2011 15:49:09, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26.1.2011 13:05:52, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019DB62C279 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
24.1.2011 21:44:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

==== End Of File ===========================

I didn't save them on the Desktop :P
Is that a problem?
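The DDS log above already explains the right-click symptom: `uPolicies-explorer: NoViewContextMenu = 1 (0x1)` and `mPolicies-explorer: NoViewContextMenu = 1 (0x1)` are the Explorer policy that hides the context menu, and it is set in both the user hive and the machine hive, so clearing only one of them would not bring right-click back. The script below is an added example for this thread, not code from DDS or from the original posters: it parses lines of the DDS "Pseudo HJT Report" format, maps the u/m prefixes to HKCU/HKLM (the DDS/HijackThis convention), flags the policy values that lock a user out of their own machine, and emits the `reg.exe` commands that remove them. The sample lines are copied from the log posted above; the `RESTRICTIVE` table is this example's own selection of policy names, not something DDS reports.

```python
"""Audit the "Pseudo HJT Report" section of a DDS log for lock-out policies.

Added example for this thread; it is not part of DDS or of the original
posts. The sample lines are copied from the log posted above. The mapping
of the u/m prefixes to HKCU/HKLM follows the DDS/HijackThis convention;
the RESTRICTIVE table is this example's own selection of policy values that
lock the user out when set to 1.
"""
import re

# DDS prefixes: u = current user hive, m = machine hive.
HIVES = {"u": "HKCU", "m": "HKLM"}

# Registry keys DDS summarises as "Policies-explorer" and "Policies-system".
POLICY_KEYS = {
    "explorer": r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
    "system": r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
}

# Values a keylogger/RAT builder typically sets to hamper the victim
# (this example's own list; extend it as needed).
RESTRICTIVE = {
    "NoViewContextMenu": "Explorer context menu (right-click) disabled",
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry Editor disabled",
    "NoRun": "Start > Run disabled",
    "DisableCMD": "command prompt disabled",
}

# e.g. "uPolicies-explorer: NoViewContextMenu = 1 (0x1)"
POLICY_RE = re.compile(
    r"^([um])Policies-(explorer|system):\s+(\w+)\s*=\s*(\d+)"
)


def parse_policies(lines):
    """Return a dict (hive, key, name, value) for every policy line."""
    found = []
    for line in lines:
        match = POLICY_RE.match(line.strip())
        if match is None:
            continue
        prefix, section, name, value = match.groups()
        found.append({
            "hive": HIVES[prefix],
            "key": POLICY_KEYS[section],
            "name": name,
            "value": int(value),
        })
    return found


def restrictive_policies(lines):
    """Only the policies from RESTRICTIVE that are actually switched on."""
    return [p for p in parse_policies(lines)
            if p["name"] in RESTRICTIVE and p["value"] != 0]


def remediation_commands(lines):
    """reg.exe commands that delete each lock-out value (HKLM needs admin)."""
    return ['reg delete "{hive}\\{key}" /v {name} /f'.format(**p)
            for p in restrictive_policies(lines)]


def orphaned_entries(lines):
    """BHO/toolbar registrations whose DLL is gone: leftovers, not a threat."""
    return [line.strip() for line in lines
            if line.strip().startswith(("BHO:", "TB:"))
            and line.rstrip().endswith("No File")]


# Constructed input: the relevant lines from the DDS log posted above.
SAMPLE = """\
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uPolicies-explorer: NoViewContextMenu = 1 (0x1)
uPolicies-system: DisableRegistryTools = 0
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""

if __name__ == "__main__":
    sample_lines = SAMPLE.splitlines()
    for p in restrictive_policies(sample_lines):
        print("{hive}\\...\\{name} = {value}: ".format(**p) + RESTRICTIVE[p["name"]])
    for cmd in remediation_commands(sample_lines):
        print(cmd)
    for entry in orphaned_entries(sample_lines):
        print("orphaned:", entry)
```

Run against the sample, it flags `NoViewContextMenu` in both HKCU and HKLM (the `DisableRegistryTools = 0` line is parsed but not flagged, since it is off) and prints the two `reg delete` commands. Deleting the values restores the menu after Explorer is restarted or the user logs off and on again, but it does not remove whatever set them: a logger that is still running can simply write them back, which is why the thread's own advice is to kill the process first and then clean up.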
[ goran9888 @ 31.01.2011. 15:59 ] @
You don't have an antivirus installed on the computer.

SUPERAntiSpyware and IObit Security 360 cannot replace an AV. They can only be "assistants" to an AV, though my suggestion is that you uninstall them and install some (only one) free AV such as Avast, Avira, AVG, BitDefender, Panda Cloud Free, Microsoft Security Essentials, etc.

You will need to run a scan with GMER and post the required logs for me:

Download GMER and save it to the Desktop:
http://www2.gmer.net/download.php

Run it by double-clicking ...

Wait for the initial scan to finish, then click Scan, wait for the scan to finish (it may take a while), then click Save (save the report to the Desktop under the name Gmer1).

After that ...

Right-click in the GMER program window and choose Options > Only non MS files - click Scan.
After a short scan, click Save and save that log as Gmer2 on the Desktop.

And one more ...

Click the >>> button (in GMER) and select the Autostart tab.

A short scan will run, after which you should press Copy, open Notepad and click Edit -> Paste in Notepad. Save that log on the Desktop too, under the name Gmer3.

(illustrated guide): http://amf.mycity.rs/pg/images/GMERScan.gif

Attach all three reports in your next post.
[ mokus-mokus @ 31.01.2011. 18:05 ] @
I installed an antivirus..
The problem is that when I run that program of yours my computer restarts and shows a blue screen of death... :P
What should I do?
[ mokus-mokus @ 31.01.2011. 18:27 ] @
I couldn't edit the previous post to add more text, i.e. more problems :D so I've written it here...

When I try to run the antivirus, i.e. when I click to start a scan, my computer also restarts and a black screen of death appears! :/
This error comes up when my computer boots

I tried to scan with Avast but as I said the computer restarts and throws an error...
What should I do?
[ goran9888 @ 31.01.2011. 23:13 ] @
Look, that Windows you have isn't legal, i.e. it didn't pass the Windows Validation test.

Read more about it here: http://en.wikipedia.org/wiki/Windows_Genuine_Advantage

[ dendi @ 01.02.2011. 08:49 ] @
Hello goran9888
while mokus-mokus hasn't replied yet, please take a look at my reports
[ goran9888 @ 01.02.2011. 15:09 ] @
@dendi

What problem do you have? Your Windows also didn't pass the Validation test and now you have WGA installed on the computer, right?
[ goran9888 @ 01.02.2011. 22:30 ] @
@mokus-mokus

Download Rootkit Unhooker to the Desktop from the following address: http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Run the program with a double-click, switch to the Report tab, click Scan and tick all the offered items in the window.

A scan will begin, which you must wait for.

When the scan is finished, go to File -> Save Report and save the report.

Attach that report in your next message.
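Once the Rootkit Unhooker report is posted, the part a reviewer actually works from is which module owns each SSDT or inline hook. The following is an added example, not code from this thread or from the Rootkit Unhooker tool: a small Python parser for the line format RKU prints in its SSDT State and Hooks sections. It groups hooks by owning module and flags any module outside an assumed allow-list of the security products seen in these logs (avast's aswSP.SYS and snxhk.dll, SUPERAntiSpyware's SASKUTIL.SYS) plus the kernel image itself. The allow-list and the embedded sample report lines are constructed for illustration; a real review still has to correlate a flagged module with the Drivers section (e.g. the base address it loads at) before drawing any conclusion.

```python
"""Triage the SSDT State and Hooks sections of a Rootkit Unhooker (RKU) report.

Added example for this thread; not part of the forum post or of RKU itself.
The EXPECTED_MODULES allow-list is an assumption used for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Matches one hook line as RKU prints it, e.g.
#   ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F29D677E [D:\...\aswSP.SYS]
#   [1028]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
_LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?"                 # optional PID prefix (user-mode hooks only)
    r"(?P<target>[^,]+), Type: "              # hooked target, e.g. ntoskrnl.exe-->NtOpenKey
    r"(?P<kind>.+?) "                         # "Address change" or "Inline - RelativeJump"
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) "
    r"\[(?P<module>[^\]]*)\]\s*$"             # module owning the new address
)

# Assumed allow-list: the kernel image plus the security products seen in the logs.
EXPECTED_MODULES = {"ntoskrnl.exe", "aswsp.sys", "snxhk.dll", "saskutil.sys", "sasdifsv.sys"}


class Hook(NamedTuple):
    section: str            # "SSDT State" or "Hooks"
    pid: Optional[int]      # process id for user-mode hooks, None for kernel hooks
    process: Optional[str]  # hooked process image for user-mode hooks
    target: str             # full target as printed
    api: str                # last "-->" component, e.g. NtOpenKey
    kind: str
    orig: int
    new: int
    module: str             # owning module basename, lowercased
    module_path: str        # owning module as printed (may be a bare name)


def parse_rku_hooks(text: str) -> List[Hook]:
    """Return every hook line found in the SSDT State and Hooks sections."""
    hooks: List[Hook] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # section header such as ">SSDT State"
            section = line[1:].strip()
            continue
        if section not in ("SSDT State", "Hooks"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue                        # separators and other noise
        pid = int(m.group("pid")) if m.group("pid") else None
        target = m.group("target")
        parts = target.split("-->")
        module_path = m.group("module")
        hooks.append(Hook(
            section=section,
            pid=pid,
            process=parts[0] if pid is not None else None,
            target=target,
            api=parts[-1],
            kind=m.group("kind"),
            orig=int(m.group("orig"), 16),
            new=int(m.group("new"), 16),
            module=module_path.rsplit("\\", 1)[-1].lower(),
            module_path=module_path,
        ))
    return hooks


def summarize_by_module(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map each owning module to the sorted, de-duplicated APIs it redirects."""
    by_module: Dict[str, set] = defaultdict(set)
    for h in hooks:
        by_module[h.module].add(h.api)
    return {mod: sorted(apis) for mod, apis in by_module.items()}


def flag_unexpected(hooks: List[Hook], expected: set) -> List[str]:
    """Modules that own hooks but are not on the allow-list; these need a closer look."""
    return sorted({h.module for h in hooks if h.module not in expected})


# Constructed sample in RKU's format (a few lines modelled on the thread's report).
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->F29D66A2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->F7730E4C [spzp.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x80593435-->F2AB2620 [D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
==============================================
>Shadow
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D934, Type: Inline - RelativeJump 0x804E4934-->E1F29D67 [unknown_code_page]
ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805AEDFE-->F29E3790 [aswSP.SYS]
[1028]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
"""

if __name__ == "__main__":
    found = parse_rku_hooks(SAMPLE_REPORT)
    for mod, apis in sorted(summarize_by_module(found).items()):
        print(f"{mod:20} {', '.join(apis)}")
    print("review:", flag_unexpected(found, EXPECTED_MODULES))
```

On the sample the unexpected list is `spzp.sys` and `unknown_code_page`: the first is a bare driver name with no path, the second is a jump into memory RKU could not attribute to any module. Neither is a verdict; they are the two entries to cross-check against the Drivers section before deciding whether a hook belongs to an installed product.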
[ dendi @ 02.02.2011. 09:23 ] @
Hello
It passed the Validation test. Anyway, I installed a keylogger and then deleted it. I'm just interested in whether the uninstall did its job properly or whether traces remain?
[ mokus-mokus @ 02.02.2011. 10:14 ] @
Report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80570BC5-->F29CF728 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtClose, Type: Address change 0x8056F8D7-->F29D67EA [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->F29D66A2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80599783-->F29D6CA8 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x805983A2-->F29D6BBE [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057EDE5-->F29D6276 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->F7730E4C [spzp.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80594DB6-->F77311DA [spzp.sys]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x805710BF-->F29CF7D8 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F29D677E [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057F592-->F29D61B2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80584849-->F29D6218 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x8057F1C3-->F29CF870 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057E85A-->F77312B2 [spzp.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->F29D68C2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x80655EF6-->F29D6D76 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x806563E9-->F29D6880 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057FCE0-->F29D6A04 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x80593435-->F2AB2620 [D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x867C49C8 [4] System
0x84BEBB98 [208] D:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x849D0B28 [596] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x858391D0 [664] D:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x84C33020 [700] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x8595B270 [712] D:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x85965978 [736] D:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85026DA0 [780] D:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x857CC020 [792] D:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x84BDDB98 [928] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
0x85623420 [960] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x850F06F0 [1028] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A0D020 [1068] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x849FAB98 [1072] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x84AA2DA0 [1084] D:\WINDOWS\system32\FsUsbExService.Exe (Teruten, FsUsbDevice)
0x85709848 [1124] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84B3FDA0 [1172] D:\WINDOWS\system32\PnkBstrA.exe
0x849EDDA0 [1228] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc., Google Installer)
0x84FD74E8 [1268] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84F7E020 [1344] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84AD2D70 [1464] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd, DAEMON Tools Lite)
0x84C1F5C0 [1512] D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd., NPSAgent)
0x857E8880 [1548] D:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x84FB2B28 [1668] D:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x84A4A990 [2160] D:\WINDOWS\system32\PnkBstrB.exe
0x84A513B0 [2232] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A65DA0 [2348] D:\Program Files\Eltima Software\USB to Ethernet Connector\UsbService.exe
0x84B9A020 [2872] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x849A5990 [3024] D:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x84FE9990 [3060] D:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
==============================================
>Drivers
==============================================
0xF66CB000 D:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6807552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.18 )
0xBF012000 D:\WINDOWS\System32\nv4_disp.dll 5693440 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 162.18 )
0xF2D4F000 D:\WINDOWS\system32\drivers\RtkHDAud.sys 4628480 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 D:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 D:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7715000 PCI_PNP6868 1019904 bytes
0xF7715000 sptd 1019904 bytes
0xF7715000 spzp.sys 1019904 bytes
0xF754B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2A0D000 D:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2C02000 D:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9DA0000 D:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF29C6000 D:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xB9A45000 D:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7621000 mv61xx.sys 262144 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)
0xF65E6000 D:\WINDOWS\System32\Drivers\aje4zjdd.SYS 233472 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)
0xF64EE000 D:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF76CF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF751E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9E70000 D:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB8D05000 D:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF2A7D000 D:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF666B000 D:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2BB4000 D:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7679000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF2BDC000 D:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF2D2B000 D:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6693000 D:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6648000 D:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2B6A000 D:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF2AA8000 D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134528 bytes
0x806FF000 D:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7601000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF769F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7504000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7661000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF29AE000 D:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF76FD000 D:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xBA569000 D:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF75D8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65CF000 D:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF6633000 D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 86016 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xBA284000 D:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF661F000 D:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF66B7000 D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2C5B000 D:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 D:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF75EF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF76BE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF651E000 D:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF656F000 D:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A3F000 D:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF658F000 D:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xF7A5F000 D:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF794F000 D:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A4F000 D:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF791F000 D:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF793F000 D:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF786F000 D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7A1F000 D:\Program Files\Eltima Software\USB to Ethernet Connector\drv\NT5\fusbhub.sys 53248 bytes (ELTIMA Software, Filter USB hub)
0xF7A6F000 D:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A7F000 D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF784F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7A9F000 D:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF799F000 D:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A2F000 D:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7A8F000 D:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF78FF000 D:\WINDOWS\system32\DRIVERS\vuhub.sys 45056 bytes (ELTIMA Software, Virtual USB hub)
0xF796F000 D:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF782F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF790F000 D:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF78EF000 D:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9C56000 D:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xF79FF000 D:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF78DF000 D:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF798F000 D:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9B2E000 D:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF797F000 D:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C2F000 D:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B57000 D:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B5F000 D:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7AAF000 D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B17000 D:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7B67000 D:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B6F000 D:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7AC7000 D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7B4F000 D:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7C1F000 D:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7C37000 D:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7C0F000 D:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7C27000 D:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AB7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BDF000 D:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BE7000 D:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7BD7000 D:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BBF000 D:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF74CC000 D:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA718000 D:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7D13000 D:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF2986000 D:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7C3F000 D:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF2B94000 D:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6416000 D:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D23000 D:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6412000 D:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D81000 D:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D33000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7DF3000 D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D5D000 D:\WINDOWS\System32\DRIVERS\eusbstub.sys 8192 bytes (ELTIMA Software, USB stub)
0xF7D2F000 D:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DBD000 D:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D83000 D:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D59000 D:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D69000 D:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D31000 D:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F1A000 D:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7ED7000 D:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EAD000 D:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x867651F8 unknown_irp_handler 3592 bytes
0x867671F8 unknown_irp_handler 3592 bytes
0x858631F8 unknown_irp_handler 3592 bytes
0x858881F8 unknown_irp_handler 3592 bytes
0x867D71F8 unknown_irp_handler 3592 bytes
0x867661F8 unknown_irp_handler 3592 bytes
0x859241F8 unknown_irp_handler 3592 bytes
0x8583F470 unknown_irp_handler 2960 bytes
0x850F2470 unknown_irp_handler 2960 bytes
0x850F1470 unknown_irp_handler 2960 bytes
0x85049470 unknown_irp_handler 2960 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [D:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] D:\Documents and Settings\All Users\Application Data\Blizzard Entertainment\Logs\World of Warcraft Update\Logs\Blizzard Updater Log.html
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000225
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000226
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000227
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000228
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000229
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00022a
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00022b
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00022c
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2011-01-journal
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2011-02-journal
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Temp\etilqs_Cbj33qdMHNgUAwaogRoa
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Temp\etilqs_mr0qI4DBdLoBS7fUnCzh
!-->[Hidden] D:\Documents and Settings\Owner\Local Settings\Temp\fla60.tmp
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D934, Type: Inline - RelativeJump 0x804E4934-->E1F29D67 [unknown_code_page]
ntoskrnl.exe+0x0000D9E0, Type: Inline - RelativeJump 0x804E49E0-->804E4A48 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9EC, Type: Inline - RelativeJump 0x804E49EC-->804E49EB [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9F4, Type: Inline - RelativeJump 0x804E49F4-->804E49F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B19 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAF4, Type: Inline - RelativeJump 0x804E4AF4-->804E4AF2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB50, Type: Inline - RelativeJump 0x804E4B50-->804E4B4F [ntoskrnl.exe]
ntoskrnl.exe+0x0000DBD0, Type: Inline - RelativeJump 0x804E4BD0-->804E4C43 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8059056D-->F29E3832 [aswSP.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Inline - RelativeJump 0x8056DB66-->F29E3656 [aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805AEDFE-->F29E3790 [aswSP.SYS]
ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8056DA64-->F29E0C88 [aswSP.SYS]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x805E74FE-->F29DF1EE [aswSP.SYS]
[1028]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1028]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1028]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CD3-->00000000 [snxhk.dll]
[1028]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C9B-->00000000 [snxhk.dll]
[1028]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1028]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1028]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1028]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1028]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CD3-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C9B-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1072]ctfmon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1084]FsUsbExService.Exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[3568]chrome.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[3568]chrome.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[3568]chrome.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[3568]chrome.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[3568]chrome.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->0000

What should I do now, Goran?
[ goran9888 @ 02.02.2011. 16:17 ] @
You don't have any malware on your computer.

Save this fix.reg to your Desktop:
http://www.speedyshare.com/files/26641493/fix.reg

After that, right-click the file and choose Merge. If you can't right-click, double-click the .reg file and click Yes.

Restart the computer and see whether there are still any problems.

[This message was edited by goran9888 on 02.02.2011. at 17:54 GMT+1]
[ mokus-mokus @ 03.02.2011. 10:04 ] @
Thanks, it works now ;)
Can I delete that fix from the desktop now?
[ dava @ 03.02.2011. 10:40 ] @
@goran9888
How can you be sure from this log that he has no malware on the computer?

Take this file, for example: d:\windows\system32\PnkBstrB.exe

When you check it online, it looks like a file that comes with some games, but that file can also be a keylogger!
I could write a virus right now that has the same name, copies itself to that location and runs. Then you take that computer's log and say:
Quote:
You don't have any malware on your computer.
[ goran9888 @ 03.02.2011. 14:59 ] @
@mokus-mokus

You can.

@dava

You can create a file with the same name, but that file has to do something. If it just sits at that location, there is nothing to fear from it. And if it does something (malicious), whatever it does we will certainly see in the logs ...

From the ARK (anti-rootkit) scan I concluded that there is definitely no keylogger on his computer, although if there were one it would most likely have shown up in DDS as well.

By the way, I tested the keylogger (The Smokers) mentioned in this thread and I can state that we would certainly have seen that keylogger already in the DDS log.

Quote:
I could write a virus right now that has the same name, copies itself to that location and runs. Then you take that computer's log and say:

Quote:
You don't have any malware on your computer.

It doesn't quite work the way you imagine. You would need to go much deeper into the "waters" of how Windows, malware, etc. are designed to understand what I'm talking about. And everything I have learned (and am still learning) over the years I can't explain to you in one message.
[ anon142305 @ 03.02.2011. 21:19 ] @
Quote:
dava: Take this file, for example: d:\windows\system32\PnkBstrB.exe

Although the problem is solved, just to add that a few years ago I had this on my computer and, for some reason, no antispyware could clean it. I only managed with this: PunkBuster
[ goran9888 @ 03.02.2011. 21:41 ] @
Quote:
IUOP_1: Although the problem is solved, just to add that a few years ago I had this on my computer and, for some reason, no antispyware could clean it. I only managed with this: PunkBuster

Antispyware?! But this isn't spyware ...

A large number of antivirus programs detect it now, which is of course good. Malwarebytes removes it as well.

What did you want to say with that link?
[ anon142305 @ 03.02.2011. 22:16 ] @
Quote:
goran9888: Antispyware?! But this isn't spyware ...

OK, but it bothered me, and I couldn't delete it manually.
Quote:
goran9888: What did you want to say with that link?

I wanted to say that the only thing I managed to remove it with was that linked program.
[ dava @ 04.02.2011. 07:58 ] @
@goran9888
Quote:
You can create a file with the same name, but that file has to do something. If it just sits at that location, there is nothing to fear from it. And if it does something (malicious), whatever it does we will certainly see in the logs ...

That file will do exactly what a keylogger does. Look at this function SetWindowsHookExW that PnkBstrB.exe uses. It is an API function from user32.dll that allows creating a program hook, which it places in the hook chain. If WH_KEYBOARD is passed to it as a parameter, the messages sent from the keyboard will go through the created hook point, and they can then easily be forwarded to your own program via RegisterShellHookWindow(), which then logs them to some file and encrypts them if needed.

I'm genuinely curious how you analyze this? Don't be angry, why would it bother you if I ask? Do you use some program into which you load this log file, which then compares the file's path, size, etc. (from the log) against its own database and shows the potentially dangerous files? You probably don't know the file sizes by heart, whether Windows's own or those of various programs.

[ goran9888 @ 04.02.2011. 19:06 ] @
Quote:
dava: @goran9888
That file will do exactly what a keylogger does. Look at this function SetWindowsHookExW that PnkBstrB.exe uses. It is an API function from user32.dll that allows creating a program hook, which it places in the hook chain. If WH_KEYBOARD is passed to it as a parameter, the messages sent from the keyboard will go through the created hook point, and they can then easily be forwarded to your own program via RegisterShellHookWindow(), which then logs them to some file and encrypts them if needed.

I'm genuinely curious how you analyze this? Don't be angry, why would it bother you if I ask? Do you use some program into which you load this log file, which then compares the file's path, size, etc. (from the log) against its own database and shows the potentially dangerous files? You probably don't know the file sizes by heart, whether Windows's own or those of various programs.

That function, which you would alter, I can see in the ARK log ... and the ARK scanner would most likely see it too and notify me about it. I can't give you a more precise answer since I'm not a programmer.

Also, that log file you would create would be shown in the Find3M section of the DDS log. Would you use a driver? Hidden or not, it would be shown.

I analyze each line individually, by hand; I don't use any additional applications. If I'm not sure about some file, I look for verified information on the internet; if there is none, the file is sent to VirusTotal for a check, after which it is requested for upload and tests are run if needed. Windows files (and other legitimate ones) are digitally signed files and you can find information about them online, so ...

http://en.wikipedia.org/wiki/Digital_signature

The symptoms the user has are also important. For example, specifically in this case, keylogger symptoms were not observed (e.g. sluggish keyboard operation, i.e. the response would be somewhat slower, because a keylogger has to intercept and record what was typed on the keyboard).

[This message was edited by goran9888 on 04.02.2011. at 21:10 GMT+1]
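As an added example (not from any post in this thread), here is a small Python triage script for the kind of per-process hook list the ARK scan pasted above prints: it parses each line and reports hooks whose hooking module is not on a list of modules you have already verified. The trusted-module set is an assumption; the sample lines are copied from the log above.

```python
"""Triage of a per-process hook list from an anti-rootkit (ARK) scan.

Parses lines shaped like the ARK log pasted in this thread and reports
hooks whose hooking module is not on a trusted list. The trusted list is an
assumption: fill it only with modules you have verified (path, signer)."""
import re
from collections import Counter, defaultdict

# [pid]process-->dll-->function, Type: kind 0xADDR-->TARGET [hooking module]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<dll>.+?)-->(?P<func>.+?),"
    r" Type: (?P<kind>.+?) 0x(?P<addr>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+)"
    r" \[(?P<module>.+)\]$"
)

# Assumption: modules already verified as part of installed security software.
TRUSTED_MODULES = {"snxhk.dll"}

# Sample lines copied from the log in this thread (three trusted, two not).
SAMPLE_LOG = """\
[3024]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CD3-->00000000 [snxhk.dll]
[3220]chrome.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[3220]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004661D4-->00000000 [unknown_code_page]
[3220]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[3568]chrome.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
"""


def parse_hook_line(line):
    """Return the fields of one hook line as a dict, or None for other lines."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    return hook


def triage(lines, trusted_modules):
    """Count hooks per hooking module and collect those from untrusted modules.

    'unknown_code_page' means the hook code lives in memory that belongs to no
    loaded module; it is sorted first because it needs a manual look. In a
    sandboxed browser process that can still be the browser's own interception
    code, so a finding is a question to answer, not a verdict."""
    by_module = Counter()
    findings = []
    skipped = 0  # non-empty lines in some other format (headers, other sections)
    for line in lines:
        hook = parse_hook_line(line)
        if hook is None:
            if line.strip():
                skipped += 1
            continue
        by_module[hook["module"]] += 1
        if hook["module"] not in trusted_modules:
            findings.append(hook)
    findings.sort(key=lambda h: (h["module"] != "unknown_code_page", h["pid"], h["func"]))
    return {"by_module": dict(by_module), "findings": findings, "skipped": skipped}


def report(result):
    """One line per module count, then the findings grouped by process."""
    out = [f"{mod}: {n} hook(s)" for mod, n in sorted(result["by_module"].items())]
    per_proc = defaultdict(list)
    for h in result["findings"]:
        per_proc[(h["pid"], h["proc"])].append(h)
    for (pid, proc), hooks in sorted(per_proc.items()):
        out.append(f"[{pid}] {proc}: {len(hooks)} hook(s) from untrusted module(s)")
        out.extend(f"    {h['dll']}!{h['func']} ({h['kind']}) -> [{h['module']}]" for h in hooks)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG.splitlines(), TRUSTED_MODULES)))
```

Feed it the whole saved ARK log: lines from other sections are counted in `skipped`, so you can see how much of the file the hook parser actually covered.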
[ dado banjaluka @ 28.09.2012. 19:31 ] @
Hi, I see this is an old thread, but so as not to open another one: about ten days ago I created a new mail account that I used for a couple of days, and tonight I've been racking my brain but can't remember its password. I have a keylogger installed and in it I find the pages I opened, that account among them, but I can't find the password for it. Does that keylogger even have the ability to show me the password itself, or only the pages I opened? It's Keylogger V3.6.
[ dado banjaluka @ 29.09.2012. 18:15 ] @
Anyone, anything?
[ Dalibor81 @ 29.09.2012. 18:36 ] @
Make a new mail account, or do you actually want to see someone else's mail? :D
[ dado banjaluka @ 30.09.2012. 15:54 ] @
No, I received some offers on it that I'd like to look at; it's the computer at my shop that only I use. If anyone has any idea, please write.
[ Windows2 @ 05.11.2012. 15:27 ] @
I searched the forum and I think this is the best thread to revive for my question. I downloaded the newest version of BitDefender Total Security; there was a promotion for a 90-day trial. It reacts to the EICAR test, it cleaned my computer of a few pests and all that is OK, but I don't understand how it can allow a keylogger program to run completely undisturbed and record everything I type.
I downloaded the Refog keylogger program and B.D. didn't make a sound during its installation, nor did it stop it from doing its job, and the firewall is set to "aggressive", where it even says it protects precisely against such attempts. How is this possible for a program with such a big name? And it's not the only one that doesn't stop it; I also tried DataGuard Anti Keylogger and it doesn't bother it either. The only program that totally kills Refog is Zemana AntiKeylogger, but that's paid too, of course.
Is there any reliable protection at all against the so-called "remote" installation of such programs and their rummaging around the computer, and what would it be?
[ agasoft @ 05.11.2012. 16:22 ] @
Someone more expert than me among the colleagues will surely explain this to you, but let me try too.
It's simple.
That keylogger is commercial software, which is also paid for.
Like another keylogger I won't name now, my favorite by the way, which is also paid for and serves entirely different purposes than some abuse.
I don't think there's any reason to worry, because nobody is going to install a commercial keylogger on you remotely; that would be a bit harder since the firewall would surely react.
The keylogger I used on my own personal computer to monitor myself and all other curious people even had a daily update for registered users to protect itself from antivirus.
But those are commercial keyloggers, which have nothing to do with some remote installations.
You have to install them yourself, or if someone does install one remotely you have to approve something like that, or the computer has to be connected by some network to the person who started the remote installation.
[ Windows2 @ 05.11.2012. 16:35 ] @
From what I see it can even be stuffed into hardware, into the keyboard itself or somewhere in between, even into the BIOS. It can be wireless too. If Wikipedia lies, so do I. What can I tell you, my paranoia is at a high level.
But still, it's very strange to me that BitDefender, which is also commercial and has received the highest praise, doesn't stop this at all? Maybe this version I downloaded is faulty after all?
So someone can come and install that Refog on my computer, which installs itself in system32 and doesn't appear at all in the list of installed programs, and its activity is not visible anywhere. Does full-disk encryption help at all here?
And here's something else interesting. I downloaded a trial of the program GuardedID, and the installation window appears and then disappears and nothing, so I can't install it at all. As if something kills the process?
[ agasoft @ 05.11.2012. 16:42 ] @
Unfortunately, someone can come and install that on you if you're that careless.
But Zemana is always there, even as a trial, to remove any doubt you have.
[ kristi1 @ 05.11.2012. 18:11 ] @
Avast has definitions for Refog. During installation, the AV is turned off and the whole MPK folder is put on the ignore list, end of story.
I don't know in what way it was installed on your machine, but once it's in the system, antivirus programs and their scans no longer help.

I don't know the file list by heart, but these are some of the locations of the Refog keylogger

Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe
c:\documents and settings\all users\application data\MPK
c:\windows\system32\runkgb.lnk

Roughly; there's more but I don't know it by heart. Now, how it was installed is also a question: if it was via a click on a link, a backdoor necessarily comes along with it.

Goran explained above how to clean not only a keylogger but any malware.
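An added example, not from kristi1 or any other post: a Python check for the Winlogon Userinit persistence the first location above shows, where the keylogger's MPK.exe is appended after userinit.exe. The sample values are constructed from that line, the default system root is an assumption, and the live registry read only runs on Windows.

```python
"""Check the Winlogon Userinit value for entries appended after userinit.exe.

Windows runs every comma-separated entry of Userinit at logon, so a
keylogger appended there (the MPK.exe entry quoted in this thread) starts
with each session. This example parses such a value and lists every entry
that is not the system userinit.exe; the live read needs Windows."""
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed samples: the value quoted in the thread and a clean default
# (the clean default normally carries a trailing comma).
SAMPLE_INFECTED = r"c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe"
SAMPLE_CLEAN = r"C:\Windows\system32\userinit.exe,"


def split_userinit(value):
    """Split the comma-separated list, dropping empty entries and quotes."""
    entries = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if entry:
            entries.append(entry)
    return entries


def is_system_userinit(entry, system_root=r"C:\Windows"):
    """True for the expected entry; case-insensitive, %SystemRoot% expanded.

    system_root is an assumption: pass the real one (D:\\WINDOWS on the
    machine whose log opens this thread) when checking another system."""
    expected = (system_root + r"\system32\userinit.exe").lower()
    entry = entry.lower().replace("%systemroot%", system_root.lower())
    return entry == expected


def check_userinit(value, system_root=r"C:\Windows"):
    """Return (ok, extras): ok only when the value is exactly the system
    userinit.exe; extras holds every other entry for manual review."""
    entries = split_userinit(value)
    extras = [e for e in entries if not is_system_userinit(e, system_root)]
    has_userinit = any(is_system_userinit(e, system_root) for e in entries)
    return has_userinit and not extras, extras


def read_live_userinit():
    """Read the live value from HKLM on Windows; return None elsewhere."""
    if not sys.platform.startswith("win"):
        return None
    import winreg  # Windows-only module, imported lazily
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    for name, value in (("infected sample", SAMPLE_INFECTED), ("clean sample", SAMPLE_CLEAN)):
        ok, extras = check_userinit(value)
        print(f"{name}: {'OK' if ok else 'REVIEW'} {extras}")
    live = read_live_userinit()
    if live is not None:
        print("live value:", check_userinit(live))
```

A value with no userinit.exe at all is also reported as not OK, since a replaced entry is as much a finding as an appended one.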
[ Windows2 @ 05.11.2012. 18:38 ] @
I installed it myself, to see how my AV would behave. And only Zemana warned something like "the program wants to control this and that on the computer" and offered options like "allow" or "block". And when I allowed the installation and started Refog, after a click in the program it just froze and shut down, so Zemana blocked it. And BitDefender absolutely nothing.
In principle I have some resistance to free AV programs, I don't know why, somehow I value paid ones more, but OK, maybe I'll try Avast too.
Now I don't know; for example, this program DataGuard is also paid, but the free version offers protection only against ordinary recording of keystrokes, while the paid one offers everything, including protection against screen capture. For example, it allowed the Refog installation, but when I started it, it showed me a notification that it had added it to some automatic list, yet the program kept recording everything I typed. And on their site they practically swear it protects against that.
[ valjan @ 06.11.2012. 14:58 ] @
About two weeks ago I posted on this forum a link to the Malwarebytes blog, which briefly explains why one AV program doesn't recognize a piece of malware while another does (link). As I've said many times, some AV often flags PuTTY as malicious, and I earn my regular salary with PuTTY; the program is far from malicious, it's just that if it falls into the wrong hands it can be abused. But by that reasoning Notepad could be declared malicious too, because you can write a simple batch file in it that can wreak havoc on the disk.

Precisely because of such borderline situations, AV vendors have to balance and decide which side to put something on. The world isn't black and white, there are many shades of gray; the only problem is that the user often can't judge for himself whether something is a "darker" or "lighter" gray, so the vendor decides on the user's behalf based on its own assessment.

Because there are four kinds of detection:

True positive     True negative
False positive    False negative

Logically, the top two are desirable, the bottom two not at all. Now, to me that keylogger of yours may be a fine program, because I use it for legal purposes, while you are afraid that someone will secretly install it and use it for illegal purposes. Whose voice is louder now, i.e. which category will the AV vendor put it in? Will they listen to me, to you, or to a third party? If they have too many false detections, that will drive customers away; now BitDefender probably has more people who said they need that keylogger for legal purposes than those who complained about having it on their system, so they tipped to the other side...

There is, of course, software that is obviously malicious from a mile away, and there's no doubt there; such software gets added to the definitions right away, but for borderline cases like these it will always be problematic...
[ Windows2 @ 06.11.2012. 15:22 ] @
Just to correct an injustice regarding this free version of DataGuard. After reading the program's manual I understood that it adds applications to that automatic list and then the user can allow or completely block that program's activity. So it adds the program to the list and next to it there's a green or red icon. Red means it will totally block that software, and green is there for two reasons:
- Either because the program was started by the current user, which was the case here, i.e. I started Refog.
- Or because the program carries some kind of digital signature?

As can be clearly seen in this picture:

All it took was a double-click on the green icon next to Refog for it to become red, and after that nothing was recorded in the program. So my mistake, it does do the job.
And another good thing is that its process can't be killed from Task Manager.

I also tried KeyScrambler and it's also good. The free version works only as an add-on for Firefox or IE and is active only then, preventing keystroke recording in those browsers. The paid Premium version blocks everything in every possible program where something can be typed.
[ Windows2 @ 06.11.2012. 17:56 ] @
In the hope that someone will analyze my logs, here they are:
[ kristi1 @ 07.11.2012. 12:16 ] @
You have nothing problematic; just run AdwCleaner, go to Delete, click OK through to the restart, and remove the toolbars you have
http://general-changelog-team....-outils-de-xplode/2-adwcleaner
[ Windows2 @ 07.11.2012. 12:49 ] @
OK, thanks! Those toolbars are all disabled; they're probably some leftovers. Here and there I download some free programs and forget to untick the option to install a toolbar too; they're a real plague.
[ kristi1 @ 07.11.2012. 13:07 ] @
Do what I wrote and you'll see for yourself what it deletes.
[ Windows2 @ 07.11.2012. 13:53 ] @
Done!

# AdwCleaner v2.007 - Logfile created 11/07/2012 at 14:44:41
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : S - S-PC
# Boot Mode : Normal
# Running from : C:\Users\S\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

-\\ Google Chrome v22.0.1229.94

*************************