
Untitled

a guest
Jan 14th, 2016
  1. GMER 2.1.19357 - http://www.gmer.net
  2. Rootkit scan 2016-01-14 16:38:01
  3. Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AADS-00M2B0 rev.01.00A01 698,64GB
  4. Running: zmolg3up.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\aftcaaog.sys
  5.  
  6.  
  7. ---- System - GMER 2.1 ----
  8.  
  9. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x93E363D4]
  10. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x93EF39F4]
  11. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x93E36EB2]
  12. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x93E4328A]
  13. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x93E432D6]
  14. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x93E43470]
  15. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x93E431F8]
  16. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x93EF3DCE]
  17. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x93E43240]
  18. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x93EF405E]
  19. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x93EF4148]
  20. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x93E4342A]
  21. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x93E37CA0]
  22. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x93E3643A]
  23. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x93EF424C]
  24. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x93EF3ACC]
  25. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x93EF0C5C]
  26. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x93EF3EAE]
  27. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x93E364A0]
  28. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x93E3B228]
  29. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x93E387E4]
  30. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x93E432B4]
  31. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x93E432F8]
  32. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x93E43494]
  33. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x93E4321E]
  34. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x93E3A72A]
  35. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x93E433A8]
  36. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x93E43268]
  37. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x93E3AB16]
  38. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x93E4344E]
  39. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x93EF3C4C]
  40. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x93E385FC]
  41. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x93E3830A]
  42. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x93E36506]
  43. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x93E3656C]
  44. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x93EF3FAA]
  45. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x93E360C0]
  46. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x93E36292]
  47. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x93E36220]
  48. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x93E37E6A]
  49. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x93E37FCC]
  50. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x93E3631A]
  51. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x93EF3D1A]
  52. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x93E37AFA]
  53. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x93EF0C8C]
  54. SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x93E365D2]
  55. SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x93EF3B7E]
  56.  
  57. ---- Kernel code sections - GMER 2.1 ----
  58.  
  59. .text ntkrnlpa.exe!ZwReplaceKey + 1525 83076B55 1 Byte [06]
  60. .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B0BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
  61. .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 830B7FB0 4 Bytes [D4, 63, E3, 93] {AAM 0x63; JECXZ 0xffffff97}
  62. .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830B7FD8 4 Bytes [F4, 39, EF, 93] {HLT ; CMP EDI, EBP; XCHG EBX, EAX}
  63. .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830B8038 4 Bytes [B2, 6E, E3, 93] {MOV DL, 0x6e; JECXZ 0xffffff97}
  64. .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830B808C 8 Bytes [8A, 32, E4, 93, D6, 32, E4, ...] {MOV DH, [EDX]; IN AL, 0x93; SALC ; XOR AH, AH; XCHG EBX, EAX}
  65. .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 830B8098 4 Bytes [70, 34, E4, 93] {JO 0x36; IN AL, 0x93}
  66. .text ...
  67. PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 114 83275DAB 4 Bytes CALL 93E38E73 \SystemRoot\system32\drivers\aswSnx.sys
  68. PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 132 8328FC8B 4 Bytes CALL 93E38E89 \SystemRoot\system32\drivers\aswSnx.sys
  69. .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95003000, 0x2D5378, 0xE8000020]
  70.  
  71. ---- User code sections - GMER 2.1 ----
  72.  
  73. .text E:\Avast\avastui.exe[384] kernel32.dll!SetUnhandledExceptionFilter 7679F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
  74. .text E:\Avast\AvastSvc.exe[1360] kernel32.dll!SetUnhandledExceptionFilter 7679F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
  75. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtCreateFile 770C56B0 5 Bytes JMP 5CF2FF71 E:\Mozilla\xul.dll
  76. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtFlushBuffersFile 770C5A40 5 Bytes JMP 5CF2FCB1 E:\Mozilla\xul.dll
  77. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtQueryFullAttributesFile 770C60D0 5 Bytes JMP 5CF2FE64 E:\Mozilla\xul.dll
  78. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtReadFile 770C63A0 5 Bytes JMP 5CF2FCEB E:\Mozilla\xul.dll
  79. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtReadFileScatter 770C63B0 5 Bytes JMP 5D2BF233 E:\Mozilla\xul.dll
  80. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtWriteFile 770C6B50 5 Bytes JMP 5CF30115 E:\Mozilla\xul.dll
  81. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!NtWriteFileGather 770C6B60 5 Bytes JMP 5D2BF283 E:\Mozilla\xul.dll
  82. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!LdrUnloadDll 770DCBCE 5 Bytes JMP 000703FC
  83. .text E:\Mozilla\firefox.exe[1500] ntdll.dll!LdrLoadDll 770E2576 5 Bytes JMP 668EA7DC E:\Mozilla\mozglue.dll
  84. .text E:\Mozilla\firefox.exe[1500] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 7679952E 7 Bytes JMP 5D2A88D7 E:\Mozilla\xul.dll
  85. .text E:\Mozilla\firefox.exe[1500] KERNEL32.dll!QueryPerformanceCounter + 13 7679C535 7 Bytes JMP 5D2A92B8 E:\Mozilla\xul.dll
  86. .text E:\Mozilla\firefox.exe[1500] KERNEL32.dll!LoadAppInitDlls + 355 7679F5F6 7 Bytes JMP 5D01C918 E:\Mozilla\xul.dll
  87. .text E:\Mozilla\firefox.exe[1500] USER32.dll!GetWindowInfo 765F4B66 5 Bytes JMP 5DD6AB31 E:\Mozilla\xul.dll
  88. .text E:\Mozilla\firefox.exe[1500] GDI32.dll!GetViewportOrgEx + 26C 755187DB 7 Bytes JMP 5D2A8258 E:\Mozilla\xul.dll
  89. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateFile + 6 770C56B6 4 Bytes [28, 18, 07, 00]
  90. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateFile + B 770C56BB 1 Byte [E2]
  91. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateKey + 6 770C56F6 4 Bytes [68, 19, 07, 00]
  92. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateKey + B 770C56FB 1 Byte [E2]
  93. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateMutant + 6 770C5736 4 Bytes [68, 1A, 07, 00]
  94. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateMutant + B 770C573B 1 Byte [E2]
  95. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateSection + 6 770C57D6 4 Bytes [A8, 1A, 07, 00]
  96. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtCreateSection + B 770C57DB 1 Byte [E2]
  97. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtMapViewOfSection + B 770C5D1B 1 Byte [E2]
  98. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenFile + 6 770C5DC6 4 Bytes [68, 18, 07, 00]
  99. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenFile + B 770C5DCB 1 Byte [E2]
  100. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenKey + 6 770C5DF6 4 Bytes [A8, 19, 07, 00]
  101. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenKey + B 770C5DFB 1 Byte [E2]
  102. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenKeyEx + B 770C5E0B 1 Byte [E2]
  103. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenMutant + 6 770C5E46 4 Bytes [28, 1A, 07, 00]
  104. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenMutant + B 770C5E4B 1 Byte [E2]
  105. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcess + 6 770C5E76 4 Bytes [68, 1B, 07, 00]
  106. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcess + B 770C5E7B 1 Byte [E2]
  107. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcessToken + 6 770C5E86 4 Bytes [A8, 1B, 07, 00]
  108. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcessToken + B 770C5E8B 1 Byte [E2]
  109. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcessTokenEx + 6 770C5E96 4 Bytes [68, 1C, 07, 00]
  110. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenProcessTokenEx + B 770C5E9B 1 Byte [E2]
  111. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenSection + B 770C5EBB 1 Byte [E2]
  112. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThread + 6 770C5EF6 4 Bytes [28, 1B, 07, 00]
  113. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThread + B 770C5EFB 1 Byte [E2]
  114. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThreadToken + 6 770C5F06 4 Bytes [28, 1C, 07, 00]
  115. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThreadToken + B 770C5F0B 1 Byte [E2]
  116. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThreadTokenEx + 6 770C5F16 4 Bytes [A8, 1C, 07, 00]
  117. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtOpenThreadTokenEx + B 770C5F1B 1 Byte [E2]
  118. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtQueryAttributesFile + 6 770C6026 4 Bytes [A8, 18, 07, 00]
  119. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtQueryAttributesFile + B 770C602B 1 Byte [E2]
  120. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtQueryFullAttributesFile + B 770C60DB 1 Byte [E2]
  121. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtSetInformationFile + 6 770C6726 4 Bytes [28, 19, 07, 00]
  122. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtSetInformationFile + B 770C672B 1 Byte [E2]
  123. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtSetInformationThread + B 770C678B 1 Byte [E2]
  124. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtUnmapViewOfSection + 6 770C6AA6 4 Bytes [28, 1D, 07, 00]
  125. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ntdll.dll!NtUnmapViewOfSection + B 770C6AAB 1 Byte [E2]
  126. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] kernel32.dll!CreateProcessW 7675204D 5 Bytes JMP 00080030
  127. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] kernel32.dll!CreateProcessA 76752082 5 Bytes JMP 00080070
  128. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!ActivateKeyboardLayout 765E820B 5 Bytes JMP 001304F0
  129. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!ScreenToClient 765EA50E 7 Bytes JMP 00130670
  130. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!RegisterClipboardFormatA 765EC099 5 Bytes JMP 001302F0
  131. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!RegisterClipboardFormatW 765EDF95 5 Bytes JMP 001302B0
  132. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!SetCursor 765F307D 5 Bytes JMP 00130530
  133. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!MonitorFromWindow 765F362A 7 Bytes JMP 00130630
  134. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!PostMessageW 765F4483 5 Bytes JMP 001305F0
  135. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!IsWindowVisible 765F4D71 7 Bytes JMP 001306B0
  136. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClientRect 765F54ED 7 Bytes JMP 001305B0
  137. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!MapWindowPoints 765F5CBA 5 Bytes JMP 00130570
  138. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetParent 765F6039 7 Bytes JMP 001306F0
  139. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!EmptyClipboard 76602924 5 Bytes JMP 00130130
  140. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!SetClipboardData 7660297A 5 Bytes JMP 00130170
  141. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardData 76602BBF 5 Bytes JMP 00130030
  142. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardFormatNameW 76605FEA 5 Bytes JMP 00130230
  143. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!SetClipboardViewer 7660700E 5 Bytes JMP 001304B0
  144. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardFormatNameA 76607022 5 Bytes JMP 00130270
  145. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!ChangeClipboardChain 76611494 5 Bytes JMP 00130430
  146. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetTopWindow 766124F1 7 Bytes JMP 00130730
  147. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!CloseClipboard 76614484 5 Bytes JMP 001300B0
  148. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!OpenClipboard 76614496 5 Bytes JMP 00130070
  149. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!IsClipboardFormatAvailable 76614517 5 Bytes JMP 001300F0
  150. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardSequenceNumber 7661452B 5 Bytes JMP 00130330
  151. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardOwner 7661453D 5 Bytes JMP 00130370
  152. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!CountClipboardFormats 76614721 5 Bytes JMP 001301F0
  153. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!EnumClipboardFormats 76614803 5 Bytes JMP 001301B0
  154. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetOpenClipboardWindow 76614822 5 Bytes JMP 001303F0
  155. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!SetCursorPos 7662C266 5 Bytes JMP 00130770
  156. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetClipboardViewer 76644BCB 5 Bytes JMP 00130470
  157. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] user32.DLL!GetPriorityClipboardFormat 76644CCD 5 Bytes JMP 001303B0
  158. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!DeleteObject 75515F14 5 Bytes JMP 002401B0
  159. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SelectObject 75516640 5 Bytes JMP 002405F0
  160. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetTextColor 75516906 5 Bytes JMP 00240A30
  161. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetBkMode 755169B1 5 Bytes JMP 002408F0
  162. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!DeleteDC 75516EAA 5 Bytes JMP 00240170
  163. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetDeviceCaps 75516F7F 5 Bytes JMP 002403B0
  164. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!ExtSelectClipRgn 75517114 5 Bytes JMP 002402F0
  165. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SelectClipRgn 75517242 5 Bytes JMP 002405B0
  166. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetCurrentObject 7551782B 5 Bytes JMP 00240370
  167. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetStretchBltMode 75517872 5 Bytes JMP 002406B0
  168. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextMetricsW 75517B1F 5 Bytes JMP 00240E30
  169. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextAlign 75517D3F 5 Bytes JMP 00240D70
  170. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!IntersectClipRect 75517D8E 5 Bytes JMP 002403F0
  171. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!ExtTextOutW 75518122 5 Bytes JMP 00240970
  172. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetTextAlign 7551821E 5 Bytes JMP 002409F0
  173. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetClipBox 755184B5 5 Bytes JMP 00240330
  174. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!MoveToEx 75518BB1 5 Bytes JMP 00240470
  175. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!StretchDIBits 7551A204 5 Bytes JMP 00240770
  176. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!RestoreDC 7551A341 5 Bytes JMP 00240530
  177. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SaveDC 7551A411 5 Bytes JMP 00240570
  178. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextExtentPoint32W 7551B17D 5 Bytes JMP 00240670
  179. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextFaceW 7551B402 5 Bytes JMP 00240D30
  180. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetFontData 7551B98C 5 Bytes JMP 00240C70
  181. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!CreateDCA 7551BDC9 5 Bytes JMP 002400B0
  182. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!CreateDCW 7551C099 5 Bytes JMP 002400F0
  183. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!CreateICW 7551C0F0 5 Bytes JMP 00240130
  184. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetWorldTransform 7551CD04 5 Bytes JMP 002406F0
  185. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextMetricsA 7551D328 5 Bytes JMP 00240DF0
  186. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!Rectangle 7551F1BD 5 Bytes JMP 002409B0
  187. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!LineTo 7551F559 5 Bytes JMP 00240430
  188. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetICMMode 7551FA62 5 Bytes JMP 00240DB0
  189. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!ExtTextOutA 75520CDE 5 Bytes JMP 00240930
  190. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextExtentPoint32A 7552113D 5 Bytes JMP 00240630
  191. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!ExtEscape 75522D09 5 Bytes JMP 002402B0
  192. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!Escape 755233C0 5 Bytes JMP 00240270
  193. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!ResetDCW 75523A5B 5 Bytes JMP 00240AB0
  194. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!EndPage 7552409A 5 Bytes JMP 00240230
  195. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetPolyFillMode 75526741 5 Bytes JMP 00240B30
  196. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SetMiterLimit 755268FD 5 Bytes JMP 00240B70
  197. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetTextFaceA 75530C82 5 Bytes JMP 00240CF0
  198. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!GetGlyphOutlineW 7553C3A2 5 Bytes JMP 00240CB0
  199. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!CreateScalableFontResourceW 7553EA07 5 Bytes JMP 00240BB0
  200. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!AddFontResourceW 7553EE03 5 Bytes JMP 00240BF0
  201. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!RemoveFontResourceW 7553F2F9 5 Bytes JMP 00240C30
  202. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!AbortDoc 75544FAB 5 Bytes JMP 00240030
  203. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!EndDoc 755453F2 5 Bytes JMP 002401F0
  204. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!StartPage 755454DD 5 Bytes JMP 00240730
  205. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!StartDocW 75545EF8 5 Bytes JMP 002407F0
  206. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!BeginPath 755466A5 5 Bytes JMP 00240830
  207. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!SelectClipPath 755466FC 5 Bytes JMP 00240AF0
  208. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!CloseFigure 75546757 5 Bytes JMP 00240070
  209. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!EndPath 755467AE 5 Bytes JMP 00240A70
  210. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!StrokePath 755469E1 5 Bytes JMP 002407B0
  211. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!FillPath 75546A6E 5 Bytes JMP 00240870
  212. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!PolylineTo 75546EDC 5 Bytes JMP 002404F0
  213. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!PolyBezierTo 75546F6D 5 Bytes JMP 002404B0
  214. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] GDI32.dll!PolyDraw 7554701F 5 Bytes JMP 002408B0
  215. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ole32.dll!OleSetClipboard 76D80225 5 Bytes JMP 00260030
  216. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ole32.dll!OleIsCurrentClipboard 76D836A6 5 Bytes JMP 00260070
  217. .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe[5016] ole32.dll!OleGetClipboard 76DAFDBD 5 Bytes JMP 002600B0
  218. .text E:\Mozilla\plugin-container.exe[5548] ntdll.dll!LdrLoadDll 770E2576 5 Bytes JMP 668EA7DC E:\Mozilla\mozglue.dll
  219. .text E:\Mozilla\plugin-container.exe[5548] USER32.dll!RegisterMessagePumpHook + 2F1 765E8BA6 7 Bytes JMP 5DC3BEC0 E:\Mozilla\xul.dll
  220. .text E:\Mozilla\plugin-container.exe[5548] USER32.dll!IsDialogMessageW + 340 765F444C 7 Bytes JMP 5DC3BF95 E:\Mozilla\xul.dll
  221. .text E:\Mozilla\plugin-container.exe[5548] USER32.dll!GetWindowInfo 765F4B66 5 Bytes JMP 5DC3E0C5 E:\Mozilla\xul.dll
  222. .text E:\Mozilla\plugin-container.exe[5548] USER32.dll!ToUnicodeEx + 71 7660223B 7 Bytes JMP 5DC3C82F E:\Mozilla\xul.dll
  223.  
  224. ---- Registry - GMER 2.1 ----
  225.  
  226. Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
  227. Reg HKLM\SYSTEM\CurrentControlSet\services\ngvss\Parameters@asserts ????????????????????? ?????????????????????1????????????????????????? ??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????A??=E??????????? ??fi??????3\??? ?????????????????????1??L????????? ??????mul??{fe796a0c-a896-11e4-bd93-00241dda03a0}???1??????? ?????????????n???????1????????????&????????????????????l????????????????????????????????(??????U????????????????(??????????????????????z???z??????oi????????????????????????(??????s???????????????????????????????????????????z???z????????(???????????????????????????????(??????z???z???????????z???j???????????z???j???????????????????????????????z???z??oem5.inf:ForAllNT:LOGIHIDMOUSE:8.50.0.0:hid\vid_046d&pid_c245&mi_00?????Logitech Optical Gaming Mouse G400??????HID\VID_046D&PID_C245&REV_6900&MI_00?HID\VID_046D&PID_C245&MI_00?HID_DEVICE_SYSTEM_MOUSE?HID_DEVICE_UP:0001_U:0002?HID_DEVICE?????????X??????&???&??bb_capture_driver???Microsoft????????????v???v????????????????????????????*????????????????n????? ?????????
  228. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
  229. Reg HKLM\SYSTEM\ControlSet002\services\ngvss\Parameters@asserts ??????????N??????%???????%???????????????@???????????????????????????????????}??????????????????????????????????????01???????????????}???????????????????????}??????? ???}???}??? ???????}???????????}?5??????.??????????????????s???????????????????????}???p???&??????????Ro??? ???????}???????????}?5??????.?????????p????????z???~??????????????????????????? P??}???o??????ge??? ???????}???????????}?5??????.??????????????????}??????????????????? ???????}???????????k?5?????????????????????????????}???2???h??????????-6???}???????}??????????????????????????????????????????78???????????????}?????}???}????? ???????o?????}????????????????????????????? ???????}?????}?????}????$???2?F??? ?????????????F??}??????????????????%SystemRoot%\System32\fwpuclnt.dll???????????}?????????????????????}?????????}?????????L????rasadhlp.dll??????&??}????????????????g?????NameSpace_Catalog5???????}?}?}?}?}????$??}??????????????????Protocol_Catalog9???? ???????}?????}??????????"????????? ???????g??????}????? ???????}???????????}????????,?@??
  230. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll
  231. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x4C 0x28 0xC6 0xD4 ...
  232. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe 0x43 0x72 0x8D 0x9C ...
  233. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x15 0xF2 0x83 0x99 ...
  234. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xE8 0xC9 0xD1 0x9C ...
  235. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\SV 11.0\vegas110.exe 0x3C 0x7A 0x34 0x2A ...
  236. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 0x07 0x2F 0xFF 0x23 ...
  237. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Kuba\AppData\Local\Temp\n2633\s2633.exe 0xC5 0xFB 0x37 0xA9 ...
  238. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x18 0xAE 0xEC 0x02 ...
  239. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Kuba\AppData\Local\Temp\n3142\s3142.exe 0xEE 0xE0 0xDC 0x05 ...
  240. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Kuba\AppData\Local\Temp\n3263\s3263.exe 0xE5 0x0E 0xE2 0x1B ...
  241. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Grupa IMAGE\Updater\CheckerUpdate.exe 0x0D 0x2D 0xFE 0x7E ...
  242. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Grupa IMAGE\Updater\Updater.exe 0x07 0x9A 0xD1 0xC4 ...
  243. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume3\Steam\SteamApps\common\grid 2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe 0x1F 0x78 0x85 0x2A ...
  244. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Malwarebytes Anti-Malware\mbam.exe 0x6C 0xB7 0x37 0x3D ...
  245. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll
  246. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x9B 0xB0 0x19 0xD3 ...
  247. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Microsoft Office 2013\KMSnano\TriggerKMS.exe 0x8D 0x32 0x28 0x28 ...
  248. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Microsoft Office 2013\KMSnano\KMSELDI.exe 0x9F 0xCD 0xCC 0x38 ...
  249. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x14 0xFA 0xE9 0x16 ...
  250. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Microsoft Visual Studio 10.0\Common7\IDE\VCSExpress.exe 0x65 0x73 0x07 0xF5 ...
  251. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Kuba\AppData\Local\Temp\SIT17182.tmp\setup.exe 0x6D 0x56 0xE1 0x0A ...
  252. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x31 0x3A 0xE9 0x47 ...
  253. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Kuba\Downloads\OTL.exe 0x07 0xE8 0x7C 0xEF ...
  254. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Kies\Kies\Kies.exe 0xE1 0x51 0x85 0xB4 ...
  255. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume3\Testy B 2015\App\x86\Testy.UI.exe 0x5F 0xA3 0x3D 0x74 ...
  256. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0xC0 0x06 0x48 0xD7 ...
  257. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x2F 0x15 0xC2 0xA3 ...
  258. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Malwarebytes Anti-Malware\mbam.exe 0x32 0x6E 0xE0 0x44 ...
  259. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Malwarebytes Anti-Malware\mbamservice.exe 0xE9 0x84 0x6E 0xB6 ...
  260. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
  261. Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@FE1833CD 1334
  262. Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9A627E4E-13F9-11E4-9C22-806E6F6E6963} 44745241144
  263.  
  264. ---- EOF - GMER 2.1 ----