Spywarefri Forum | MEGET sløv pc +

2 af 3

MEGET sløv pc +

[ Ignorer ] [ # 16 ] poppet
17.09.2007 00:40:04 Antal indlæg: 177	GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-16 22:38:01 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CB9E0 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, 11, A0, B4, 80, 74, A0, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Program Files\SPAMfighter\SFAgent.exe[232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1776] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1928] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1972] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1972] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[2028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\explorer.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\explorer.exe[2708] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F160F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0E, 5F ] .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F100F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F070F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F190F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F130F5A .text C:\Norman\Nvc\bin\nvcoas.exe[2940] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2956] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2980] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[3080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3336] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[3396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[3396] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3412] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[3640] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[3640] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA91D5D2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA5CB454] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA5BEF4C] fltMgr.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B4A128A0] vsdatant.sys Device \Device\NTPNP_PCI0011 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_PNP [BA769298] pci.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE
[ Ignorer ] [ # 17 ] Ejvindh
17.09.2007 12:37:29 Redaktør Supporter Emeritus Antal indlæg: 6158	Der er sket det, som jeg nævnte i vejledningen, at Gmer-logfilen ikke kunne være i én post. Derfor er du nødt til at lægge den herind ad flere omgange.
[ Ignorer ] [ # 18 ] poppet
17.09.2007 14:29:53 Antal indlæg: 177	Jamen den fylder ikke mere end det jeg har sat ind:
[ Ignorer ] [ # 19 ] poppet
17.09.2007 14:55:56 Antal indlæg: 177	Håber den er bedre :o). GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-17 12:48:15 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CBA00 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, F1, A0, B4, 80, 54, A1, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F3B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F370F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[644] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Norman\Npm\bin\ZLH.EXE[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATI
[ Ignorer ] [ # 20 ] poppet
17.09.2007 14:59:08 Antal indlæg: 177	Der kommer lige 2 nye. GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-17 12:48:15 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CBA00 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, F1, A0, B4, 80, 54, A1, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F3B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F370F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[644] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Norman\Npm\bin\ZLH.EXE[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION
[ Ignorer ] [ # 21 ] poppet
17.09.2007 15:00:35 Antal indlæg: 177	Fortsættelsen fra ovenover. Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\NTPNP_PCI0011 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_PNP [BA769298] pci.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_PNP [BA647130] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_PNP [BA647130] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_PNP [BA647130] atapi.sys Device \Device\NTPNP_PCI0014 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_PNP [BA769298] pci.sys Device \Device\00000077 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000077 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000078 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000079 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\0000007a IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\0000007a FastIoDetachDevice [BA7800D4] ACPI.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\0000007b IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\0000007b FastIoDetachDevice [BA7800D4] ACPI.sys Device \Device\0000007c IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007c IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\0000007c FastIoDetachDevice [BA7800D4] ACPI.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [BA91D5D2] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [BA91C000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [BA91C742] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE
[ Ignorer ] [ # 22 ] Ejvindh
17.09.2007 23:22:57 Redaktør Supporter Emeritus Antal indlæg: 6158	Hmmm. Faktisk så fik du nu stadig ikke lagt hele filen ind. Den sidste del af logfilen skal nemlig gerne være følgende linie: ——EOF - GMER 1.0.13—— I de dele, som du har lagt herind, var der dog ikke tegn på skidt. Hvis du ikke orker at lægge hele logfilen herind, så prøv evt. blot at lægge de sidste 20 linier herind. Så kan jeg lige se, om der ser ud til at være behov for det hele. Prøv også følgende: Gå ind i Internet Explorer, klik på Funktioner-Internet Indstillinger, klik på fanebladet “Sikkerhed”, og klik på “Nulstil alle zoner til standarden”. Klik på Ok. Genstart så computeren, og lav en ny log med Catchme, som du lægger herind til gennemsyn.
[ Ignorer ] [ # 23 ] poppet
18.09.2007 00:18:38 Antal indlæg: 177	Du får lige de her linier, ok. AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B5F53BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [BA5CB454] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [BA5BEF4C] fltMgr.sys ——Registry - GMER 1.0.13—— Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@bbmfpgjganmgohofibmemnijnkmmpddjeefg 0x6A 0x61 0x6E 0x6B ... Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@abonbgfjlkhflnkgjgbbbopgdcfnngfnjl 0x6A 0x61 0x6E 0x6B ... Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@iamfpgjganmgohofib 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@haonbgfjlkhflnkg 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@iaafjnjocbbnkikgik 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@bbmfpgjganmgohofibmemnijnkmmeekggilf 0x6A 0x61 0x6E 0x6B ... Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@abonbgfjlkhflnkgjgbbbopgdccnagkkjn 0x6A 0x61 0x6E 0x6B ... Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@abafjkcepiamoieippfapdpenjfhdblcnf 0x69 0x61 0x67 0x65 ... Reg \Registry\USER\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}@malegmkanicjmkjjmigaebnhnm 0x68 0x61 0x6E 0x6B ... ——EOF - GMER 1.0.13——
[ Ignorer ] [ # 24 ] Ejvindh
18.09.2007 00:25:25 Redaktør Supporter Emeritus Antal indlæg: 6158	Tak for det. Der var ikke noget overraskende. Da jeg ovenfor skrev, at jeg gerne ville have en log fra Catchme, mente jeg bare, at du skulle køre rootchk, som du nu har kørt en del gange allerede
[ Ignorer ] [ # 25 ] poppet
18.09.2007 00:33:52 Antal indlæg: 177	Ok, det er også ved at være sent :o). ******************************* ROOTCHK-(22-08-07)-LOG, by ejvindh 2007-09-17 22:31:32.43 The rootkits that are detected by this tool were not found. ******************************* ROOTCHK-LOG-end catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-17 22:31:35 Windows 5.1.2600 Service Pack 2 scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}] “bbmfpgjganmgohofibmemnijnkmmpddjeefg”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abonbgfjlkhflnkgjgbbbopgdcfnngfnjl”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “iamfpgjganmgohofib”=hex:61,61,00,00 “haonbgfjlkhflnkg”=hex:61,61,00,00 “iaafjnjocbbnkikgik”=hex:61,61,00,00 “bbmfpgjganmgohofibmemnijnkmmeekggilf”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abonbgfjlkhflnkgjgbbbopgdccnagkkjn”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abafjkcepiamoieippfapdpenjfhdblcnf”=hex:69,61,67,65,6c,6a,66,65,6b,64,65,69,6e,65,67,70,63,68,00,e1 “malegmkanicjmkjjmigaebnhnm”=hex:68,61,6e,6b,6c,70,61,61,61,6c,62,6d,63,62,64,64,00,68 scanning hidden files ... hidden processes: 0 hidden files: 0
[ Ignorer ] [ # 26 ] Ejvindh
19.09.2007 00:40:36 Redaktør Supporter Emeritus Antal indlæg: 6158	Det hjalp ikke meget. Fik du kørt dette? Prøv også følgende: Gå ind i Internet Explorer, klik på Funktioner-Internet Indstillinger, klik på fanebladet “Sikkerhed”, og klik på “Nulstil alle zoner til standarden”. Klik på Ok. Jeg skal være ærlig og indrømme, at jeg har lidt besvær med at greje de entries. Jeg skal gerne blive ved med at forsøge at få dem væk, hvis du har tålmodighed til det. Min fornemmelse er, at de ikke gør den helt store skade, men det er jo altid mistænkeligt, når der er nogle entries, der ikke vil lade sig fjerne… Hvis du har mod på at fortsætte, så prøv følgende: Download Rootkit Unhooker herfra: http://rku.nm.ru/rkunhooker_v3/RkU3.7.300.506.zip Installér programmet. Kør så RKU. Klik på Setup-Settings-“Use Extended mode”. Du vil så blive bedt om at genstarte, hvilket du skal gøre. Kør så Rootkit Unhooker igen, klik på fanebladet “Report”, klik på knappen “Scan”. Lad programmet skanne færdig, klik på “File-Save Report”, og gem rapporten et sted, hvor du kan finde den igen. Læg indholdet af denne rapport herind.
[ Ignorer ] [ # 27 ] poppet
19.09.2007 14:49:23 Antal indlæg: 177	Jo jeg har modet til at fortsætte for det undrer også mig hvad det kan være. Det RKU program melder fejl hver gang jeg dobbelt klikkker på det, det er installeres på c:RkUnhooker og i mappen er 4 exe filer, men fejl hver gang, “Error loading data file”. Henrik
[ Ignorer ] [ # 28 ] Ejvindh
19.09.2007 23:02:50 Redaktør Supporter Emeritus Antal indlæg: 6158	Ok, jeg flytter så din sag over i rootkit-kategorien. Der gælder nogle særlige forhold for supporten i denne kategori, som du kan læse om her: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320 Prøv i første omgang, om du kan få denne lidt tidligere version til at køre (du skal afinstallere den nuværende version først): http://rku.nm.ru/rkunhooker_v3/RkU3.7.300.503.zip ...og lav den ovennævnte log. Derudover har jeg også fået en ny ide til at fixe linierne. Prøv derfor følgende Kør Avenger igen. Sæt en prik i “Input Script Manually” og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind: ——————————————- registry keys to replace with dummy: “HKEY_USERS\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}” HKEY_USERS\S-1-5-21-4143980258-3897299837-3496439251-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3} ——————————————- —Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen. —Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar. —Lav også en ny log med rootchk, som du lægger herind til gennemsyn —Endelig må du også gerne hente en ny version af rootchk, som du også laver en log med til gennemsyn herinde.
[ Ignorer ] [ # 29 ] poppet
20.09.2007 09:09:42 Antal indlæg: 177	******************************* ROOTCHK-(17-09-07)-LOG, by ejvindh 2007-09-20 7:05:10.62 The rootkits that are detected by this tool were not found. ******************************* ROOTCHK-LOG-end catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-20 07:06:16 Windows 5.1.2600 Service Pack 2 scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}] “bbmfpgjganmgohofibmemnijnkmmpddjeefg”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abonbgfjlkhflnkgjgbbbopgdcfnngfnjl”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “iamfpgjganmgohofib”=hex:61,61,00,00 “haonbgfjlkhflnkg”=hex:61,61,00,00 “iaafjnjocbbnkikgik”=hex:61,61,00,00 “bbmfpgjganmgohofibmemnijnkmmeekggilf”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abonbgfjlkhflnkgjgbbbopgdccnagkkjn”=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,.. “abafjkcepiamoieippfapdpenjfhdblcnf”=hex:69,61,67,65,6c,6a,66,65,6b,64,65,69,6e,65,67,70,63,68,00,e1 “malegmkanicjmkjjmigaebnhnm”=hex:68,61,6e,6b,6c,70,61,61,61,6c,62,6d,63,62,64,64,00,68 scanning hidden files ... hidden processes: 0 hidden services: 0 hidden files: 0
[ Ignorer ] [ # 30 ] Ejvindh
20.09.2007 11:31:10 Redaktør Supporter Emeritus Antal indlæg: 6158	@poppet: Jeg tror at chancerne for at få løst denne sag er større, hvis du begynder at udføre alle de ting, som jeg foreslår—og så lægger alle de logs herind, som jeg beder om. Ellers bliver jeg nødt til at gætte mig frem, og det er ingen af os tjent med. Jeg vil derfor bede dig om at udføre min seneste instruksion igen—og denne gang lægge alle logfilerne herind til gennemsyn.

2 af 3

Forrige

Næste