  #10  
Old May 6th, 2009, 06:48 AM
Bonksie
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
Gmer part 2

---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[260] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[260] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 001A0080
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 001A0F8B
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 001A0065
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 001A0FB2
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 001A004A
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 001A0F5C
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 001A00A2
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 001A00C9
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 001A0109
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 001A0FC3
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 001A001B
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 001A0091
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 001A0FDE
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 001A0FEF
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 001A0F4B
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00290FAD
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00290FD2
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00290FE3
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_open 77BFF566 5 Bytes JMP 0029000C
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00290038
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0029001D
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 002A0FCA
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 002A0FA5
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 002A001B
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 002A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 002A0058
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 002A0000
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 002A0047
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 002A0036
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!socket 71A34211 5 Bytes JMP 002B0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenA 445EC865 5 Bytes JMP 002C0000
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenW 445ECE99 5 Bytes JMP 002C0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 002C001B
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 00F5007D
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 00F50058
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 00F50F8A
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 00F50047
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 00F5002C
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 00F5009F
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 00F5008E
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 00F50F32
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 00F50F17
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 00F50FA5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 00F50F6D
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 00F50FC0
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 00F50011
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 00F500B0
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 00F40069
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 00F40011
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00F40058
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00F40000
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 00F40047
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00F40036
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00F30031
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00F30F9C
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00F3000C
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00F30FAD
.text C:\WINDOWS\System32\svchost.exe[708] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00F30FDE
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!socket 71A34211 5 Bytes JMP 00F20FE5
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\svchost.exe[708] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[708] wininet.dll!InternetOpenA 445EC865 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\System32\svchost.exe[708] wininet.dll!InternetOpenW 445ECE99 5 Bytes JMP 00F10FD4
.text C:\WINDOWS\System32\svchost.exe[708] wininet.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 00F1000A
.text C:\WINDOWS\System32\svchost.exe[708] wininet.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\winlogon.exe[776] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\system32\winlogon.exe[776] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\system32\winlogon.exe[776] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\system32\winlogon.exe[776] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\system32\winlogon.exe[776] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 00040F57
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 00040F72
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 00040040
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 00040F83
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 00040082
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 00040F3A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 000400C9
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 000400AE
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 000400DA
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 00040067
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 00040093
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00060064
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00060FCF
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0006002E
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 0006003F
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71A34211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 00FD0089
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 00FD0078
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 00FD0F9E
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 00FD005B
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 00FD00CB
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 00FD0F83
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 00FD00F7
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 00FD0F4D
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 00FD0040