May 6th, 2009, 06:54 AM
Bonksie
O/S: Windows XP Home
Gmer part 5

.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 00B4006C
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00B4005B
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77F6BA55 2 Bytes JMP 00B40FB9
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW + 3 77F6BA58 2 Bytes [BD, 88]
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00B40036
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00B30F9C
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00B30FB7
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00B30FE3
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00B3000C
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00B30FC8
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00B3001D
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenA 445EC865 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenW 445ECE99 5 Bytes JMP 00B10000
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 00B10FC0
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 00B1001B
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 01020000
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 0102007F
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 0102005A
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 0102003D
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 01020F80
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 01020FB6
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 010200BC
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 010200AB
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 010200E8
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 01020F34
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 01020F9B
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 01020FDB
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 01020090
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 01020022
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 01020011
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 010200D7
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 01010011
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 0101006C
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 01010FC0
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 01010000
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 01010047
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 01010FE5
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 01010036
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 01010FA5
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00FF0031
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00FF0FA6
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00FF0FC1
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00FF0016
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!socket 71A34211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenA 445EC865 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenW 445ECE99 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 00FD0FAF
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 00FD0F9E
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100639A0
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100638CC
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!send 71A34C27 5 Bytes JMP 10063004
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10062734
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100626AC
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10063894
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 001A0F94
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 001A0093
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 001A0078
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 001A0F68
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 001A00C9
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 001A0F83
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 00290051
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 002900A2
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00290087
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 00290076
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!system 77BF93C7 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 002A0044
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_open 77BFF566 5 Bytes JMP 002A000C
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 002A0055
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 002A0029
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenA 445EC865 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenW 445ECE99 5 Bytes JMP 002C0FDB
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\alg.exe[3324] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100239A0
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100238CC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!send 71A34C27 5 Bytes JMP 10023004
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10022734
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100226AC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10023894
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat AE68BD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----


Regards,
Graham.