aleksandra33

Member
  • Posts: 31

Everything posted by aleksandra33

  1. I think everything is fine now. All processes killed ========== OTL ========== C:\ProgramData\mtbjfghn.xbe moved successfully. ========== FILES ========== File\Folder C:\ProgramData\mtbjfghn.xbe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: user ->Temp folder emptied: 19833211 bytes ->Temporary Internet Files folder emptied: 775419 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 89049202 bytes ->Flash cache emptied: 11026 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3360 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 105,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 09102010_145847 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  2. Yes. Good night to you too. I suppose I have to copy them this way, because it does not attach them. Here is the other one.
  3. Oops... how embarrassing. At least I learned how to take screenshots. I seem to be doing something wrong with the attached files too, but I could not manage it any other way. checkup.txt Extras.Txt OTL.Txt
  4. Done. They are fixed. Should I install Malwarebytes Anti-Malware again now? Is it safe to use?
  5. Actually, the only reason I manage to open the internet at all is that I had an icon for my Facebook on the desktop. Only from there can I open Google. Otherwise it does not open from the icons, and neither does Internet Explorer. When I click, a text document comes up again. Otherwise the programs evidently work, because u-torrent does not open from the desktop (that is, it opens as text), but when I start downloading a file, it works. The file downloads, but when I try to open it, it is text again.
  6. It doesn't work! It shows me this: "cannot import D\users\user\downloads\fix.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes"
  7. Actually, I cannot open any program. Whichever one I try, both from the desktop and from the file's location, it only opens a document like that. I think this applies to all installed programs. I deleted the program, but before that I tried repeatedly to open it and could not. And now I cannot install it.
  8. I tried, but the problem is that when I try to open it after it has downloaded, it opens as notepad again.
  9. After scanning with Malwarebytes' Anti-Malware, when I saved the notepad document and then my computer restarted to finish the cleanup, absolutely all downloaded programs open as a notepad document. Skype, Google Chrome, Internet Explorer, well, everything. As for the scan results, I don't know whether they are correct... but maybe yes, because I was charging my phone on the computer. And so the phone seems to have given up the ghost too.. I tried all sorts of things to change it so that another program opens them, but it doesn't work. Even the icons on the desktop have the notepad picture. So my question is: can a virus do this? I was advised to uninstall Malwarebytes' Anti-Malware. I did it and it is the same again. I am attaching the scan results. Thank you in advance. mbam-log-2010-09-09 (13-40-35).txt
  10. Thank you very much for the patience and the help. For me almost everything was like Chinese.
  11. No, only for you to advise me whether anything else is needed for protection, or another antivirus.
  12. Two malicious objects come up. Should I click "remove the objects"?
  13. I have not scanned today. Last night was the last time.
  14. Unfortunately I do not have a Windows 7 installation disc. Should the antivirus stay disabled for now? sfcdetails.txt
  15. The flag is like option 1, pure white. No, Windows 7 was installed for me a few months ago. Before that it had Vista, but nothing worked with it and it constantly froze.
  16. For step 1, as soon as I started downloading the file, it directly produced the two logs. For step 2, as soon as I downloaded the file, it showed me a blue screen reporting some problem and restarted my computer. When I attached the file to the comment, it said that attaching this type of file is not allowed, and it restarted again. That is why I am copying it this way. I don't know whether I messed something up with the renaming.
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + 6 77A35386 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + B 77A3538B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryFullAttributesFile + B 77A3543B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + 6 77A35A86 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + B 77A35A8B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + 6 77A35AE6 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + B 77A35AEB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + 6 77A34A16 4 Bytes [28, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + B 77A34A1B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + 6 77A35126 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + B 77A3512B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + 6 77A351D6 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + B 77A351DB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessToken + B 77A351EB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] 
ntdll.dll!NtOpenProcessTokenEx + 6 77A351F6 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessTokenEx + B 77A351FB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + 6 77A35256 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + B 77A3525B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + 6 77A35266 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + B 77A3526B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadTokenEx + B 77A3527B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + 6 77A35386 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + B 77A3538B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryFullAttributesFile + B 77A3543B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + 6 77A35A86 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + B 77A35A8B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + 6 77A35AE6 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + B 77A35AEB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + 6 77A34A16 4 Bytes [28, 00, 06, 00] .text 
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + B 77A34A1B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + 6 77A35126 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + B 77A3512B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + 6 77A351D6 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + B 77A351DB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessToken + B 77A351EB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + 6 77A351F6 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + B 77A351FB 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + 6 77A35256 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + B 77A3525B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + 6 77A35266 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + B 77A3526B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadTokenEx + B 77A3527B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + 6 77A35386 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + B 77A3538B 1 Byte 
[E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryFullAttributesFile + B 77A3543B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + 6 77A35A86 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + B 77A35A8B 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + 6 77A35AE6 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + B 77A35AEB 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- DDS.txt
  17. Done! Thank you! It worked the second way.