Spywarefri Forum | MEGET sløv pc +

2 af 3

MEGET sløv pc +

[ Ignorer ] [ # 16 ] poppet
17.09.2007 00:40:04 Antal indlæg: 170	GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-16 22:38:01 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CB9E0 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, 11, A0, B4, 80, 74, A0, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[220] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Program Files\SPAMfighter\SFAgent.exe[232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[232] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[428] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[444] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[476] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[516] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1776] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1928] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1972] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1972] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[2028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\explorer.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\explorer.exe[2708] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F160F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0E, 5F ] .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F100F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F070F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F190F5A .text C:\WINDOWS\explorer.exe[2708] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F130F5A .text C:\Norman\Nvc\bin\nvcoas.exe[2940] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2956] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2980] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[3080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3336] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[3396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[3396] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3412] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[3640] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[3640] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A05FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A05E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A05AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A05950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA91D5D2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B5ABBBC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA5CB454] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA5CB1DE] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA5BEF4C] fltMgr.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA5BEF4C] fltMgr.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A128A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B4A128A0] vsdatant.sys Device \Device\NTPNP_PCI0011 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_PNP [BA769298] pci.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE
[ Ignorer ] [ # 17 ] Ejvindh
17.09.2007 12:37:29 Redaktør Team Spywarefri Antal indlæg: 6039	Der er sket det, som jeg nævnte i vejledningen, at Gmer-logfilen ikke kunne være i én post. Derfor er du nødt til at lægge den herind ad flere omgange.
[ Ignorer ] [ # 18 ] poppet
17.09.2007 14:29:53 Antal indlæg: 170	Jamen den fylder ikke mere end det jeg har sat ind:
[ Ignorer ] [ # 19 ] poppet
17.09.2007 14:55:56 Antal indlæg: 170	Håber den er bedre :o). GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-17 12:48:15 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CBA00 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, F1, A0, B4, 80, 54, A1, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F3B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F370F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[644] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Norman\Npm\bin\ZLH.EXE[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATI
[ Ignorer ] [ # 20 ] poppet
17.09.2007 14:59:08 Antal indlæg: 170	Der kommer lige 2 nye. GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-09-17 12:48:15 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.13—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory INT 0x20 srescan.sys BA4CBA00 ——Kernel code sections - GMER 1.0.13—— .text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, F1, A0, B4, 80, 54, A1, ... ] ? srescan.sys Den angivne fil blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.13—— .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F3B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F370F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASetLastError 71AB2A5E 6 Bytes JMP 5F220F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!select 71AB2DC0 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F2E0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F310F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!ioctlsocket 71AB4519 6 Bytes JMP 5F250F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F280F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F340F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\MailWasher Pro\MailWasher.exe[196] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[644] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[644] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Windows Defender\MsMpEng.exe[1016] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ELOGSVC.EXE[1092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\Bin\Zanda.exe[1112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1408] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\nvcoas.exe[1440] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\WINDOWS\Explorer.EXE[1560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1560] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F14001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F20001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1D001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F1A001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F17001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1880] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F11001E .text C:\Norman\Npm\bin\ZLH.EXE[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\ZLH.EXE[1888] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SPAMfighter\SFAgent.exe[1896] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[1908] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1912] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2024] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F260F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F220F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F040F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F130F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F1F0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [ 1E, 00, 0B, 5F ] .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F1C0F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F190F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F160F5A .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2032] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A .text C:\Documents and Settings\HP_Administrator\desktop\SpywareFri\gmer\abc.exe[2156] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NIP.EXE[2252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\BIN\NVCSCHED.EXE[2468] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Npm\bin\NJEEVES.EXE[2728] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[2740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\msiexec.exe[2832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\msiexec.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3132] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Norman\Nvc\bin\cclaw.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A ——Kernel IAT/EAT - GMER 1.0.13—— IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4A13FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B4A13E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4A13AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4A13950] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA91C742] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA91C000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA9195C2] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA919000] bb-run.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION
[ Ignorer ] [ # 21 ] poppet
17.09.2007 15:00:35 Antal indlæg: 170	Fortsættelsen fra ovenover. Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\NTPNP_PCI0011 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0011 IRP_MJ_PNP [BA769298] pci.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_PNP [BA647130] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP1T0L0-1f IRP_MJ_PNP [BA647130] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_CREATE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_CLOSE [BA640572] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_DEVICE_CONTROL [BA640592] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA63C7B4] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_POWER [BA6405BC] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_SYSTEM_CONTROL [BA647164] atapi.sys Device \Device\Ide\IdeDeviceP3T0L0-10 IRP_MJ_PNP [BA647130] atapi.sys Device \Device\NTPNP_PCI0014 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0014 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0020 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0015 IRP_MJ_PNP [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_DEVICE_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_POWER [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_SYSTEM_CONTROL [BA769298] pci.sys Device \Device\NTPNP_PCI0021 IRP_MJ_PNP [BA769298] pci.sys Device \Device\00000077 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000077 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000077 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000078 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000078 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\00000079 IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\00000079 FastIoDetachDevice [BA7800D4] ACPI.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\0000007a IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_DEVICE_CHANGE [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_QUERY_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_SET_QUOTA [BA77FCB8] ACPI.sys Device \Device\0000007a IRP_MJ_PNP [BA77FCB8] ACPI.sys Device \Device\0000007a FastIoDetachDevice [BA7800D4] ACPI.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B4A208A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B4A208A0] vsdatant.sys Device \Device\0000007b IRP_MJ_CREATE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CREATE_NAMED_PIPE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CLOSE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_READ [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_WRITE [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_EA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_EA [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_FLUSH_BUFFERS [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_VOLUME_INFORMATION [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_DIRECTORY_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_FILE_SYSTEM_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_INTERNAL_DEVICE_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SHUTDOWN [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_LOCK_CONTROL [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CLEANUP [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_CREATE_MAILSLOT [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_QUERY_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SET_SECURITY [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_POWER [BA77FCB8] ACPI.sys Device \Device\0000007b IRP_MJ_SYSTEM_CONTROL