
Preventive check..... - for motji

Narfyk
Model visitor
Posts: 208
Registered: 07 Jun 2010 17:54
Location: SK

Re: Preventive check..... - for motji

#16 Post by Narfyk »

Tried it twice - same thing (BSoD).
Btw.: Couldn't it be because I'm uninstalling it through CCleaner? :o

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

#17 Post by motji »

BSOD during what?
Is your PC working now? I don't really understand you right now, I don't know what you're doing :)
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:

I'm mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

#18 Post by Narfyk »

The PC works. I tried three times to uninstall DAEMON Tools Lite (via CCleaner) and got a BSoD every time.

#19 Post by motji »

Run GMER anyway.

#20 Post by Narfyk »

1. Log:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-23 17:46:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgddapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x93F0183C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target1Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target3Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target2Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target0Lun0 8739C1E8
Device \FileSystem\Ntfs \Ntfs 861F11E8
Device \FileSystem\fastfat \Fat 872CC1E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

2.Log:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-23 19:08:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgddapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x93EECA68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x90AC0BBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x90AC148A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x90AC0610]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90AB9E42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90ADB760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x90AC111A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90AD55AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90AD59D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90ADFEE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90AD5E4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x90AC1278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90ABAB7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90ADD212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90ADCB06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90AD438E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x93EECB18]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90ADDBE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90ADDE1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90ADE2D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90ABA730]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90AD7AD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x90AD76C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x93EECBB0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90ADECB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90ADE59A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x90AC01A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x90ADF71E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x90AC08DC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x90ABAF8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x90ADF242]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x90ADC226]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x90AD66D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x90AD6404]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x93F0183C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E3F339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E78D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E7FDE8 1 Byte [68]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E7FDE8 4 Bytes [68, CA, EE, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E7FDF4 8 Bytes [BA, 0B, AC, 90, 8A, 14, AC, ...] {MOV EDX, 0x8a90ac0b; ADC AL, 0xac; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82E7FE88 4 Bytes [10, 06, AC, 90] {ADC [ESI], AL; LODSB ; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82E7FEA4 4 Bytes [42, 9E, AB, 90] {INC EDX; SAHF ; STOSD ; NOP }
.text ...
PAGE ntkrnlpa.exe!ZwLoadDriver 82FC8B78 7 Bytes JMP 93F01840 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8300DB6C 5 Bytes JMP 93EFD29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8302616E 5 Bytes JMP 93EFED50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys 8B0AE000 8 Bytes [8E, 8A, 21, 83, A0, 67, 21, ...]
.text sptd.sys 8B0AE009 23 Bytes [67, 21, 83, 34, 02, 22, 83, ...]
.text sptd.sys 8B0AE024 4 Bytes [44, A5, 1D, 8B]
.text sptd.sys 8B0AE02C 66 Bytes [7D, A4, FC, 82, D8, 9E, E3, ...]
.text sptd.sys 8B0AE06F 29 Bytes [83, A0, 9E, E3, 82, 6B, 8D, ...]
.text ...
.sptd2 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B1880AD]
? C:\windows\System32\Drivers\sptd.sys Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
? C:\windows\System32\Drivers\SafeBoot.sys Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9521B000, 0x2FBD68, 0xE8000020]
.text USBPORT.SYS!DllUnload 96168D81 5 Bytes JMP 872F21C8

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\wininit.exe[608] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0003006C
.text C:\windows\system32\wininit.exe[608] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00030030
.text C:\windows\system32\wininit.exe[608] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00050120
.text C:\windows\system32\wininit.exe[608] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0005006C
.text C:\windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000500E4
.text C:\windows\system32\wininit.exe[608] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00050030
.text C:\windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000500A8
.text C:\windows\system32\services.exe[668] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\services.exe[668] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\lsass.exe[684] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\lsass.exe[684] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\lsass.exe[684] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00240120
.text C:\windows\system32\lsass.exe[684] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0024006C
.text C:\windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002400E4
.text C:\windows\system32\lsass.exe[684] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00240030
.text C:\windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002400A8
.text C:\windows\system32\lsm.exe[692] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\winlogon.exe[776] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0003006C
.text C:\windows\system32\winlogon.exe[776] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00030030
.text C:\windows\system32\winlogon.exe[776] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 000C0120
.text C:\windows\system32\winlogon.exe[776] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 000C006C
.text C:\windows\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000C00E4
.text C:\windows\system32\winlogon.exe[776] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 000C0030
.text C:\windows\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000C00A8
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00300120
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0030006C
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 003000E4
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00300030
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[920] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 003000A8
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[956] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\atiesrxx.exe[1052] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\windows\system32\atiesrxx.exe[1052] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\windows\system32\atiesrxx.exe[1052] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001F0120
.text C:\windows\system32\atiesrxx.exe[1052] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001F006C
.text C:\windows\system32\atiesrxx.exe[1052] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001F00E4
.text C:\windows\system32\atiesrxx.exe[1052] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001F0030
.text C:\windows\system32\atiesrxx.exe[1052] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001F00A8
.text C:\windows\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00150120
.text C:\windows\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0015006C
.text C:\windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001500E4
.text C:\windows\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00150030
.text C:\windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001500A8
.text C:\windows\System32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 000A006C
.text C:\windows\System32\svchost.exe[1164] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 000A0030
.text C:\windows\System32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00480120
.text C:\windows\System32\svchost.exe[1164] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0048006C
.text C:\windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 004800E4
.text C:\windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00480030
.text C:\windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 004800A8
.text C:\windows\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00B90120
.text C:\windows\system32\svchost.exe[1196] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 00B9006C
.text C:\windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 00B900E4
.text C:\windows\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00B90030
.text C:\windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 00B900A8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[1248] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001A0120
.text C:\windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001A006C
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001A00E4
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001A0030
.text C:\windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001A00A8
.text C:\windows\system32\Hpservice.exe[1444] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\Hpservice.exe[1444] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\Hpservice.exe[1444] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00100120
.text C:\windows\system32\Hpservice.exe[1444] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0010006C
.text C:\windows\system32\Hpservice.exe[1444] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001000E4
.text C:\windows\system32\Hpservice.exe[1444] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00100030
.text C:\windows\system32\Hpservice.exe[1444] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001000A8
.text C:\windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00DE0120
.text C:\windows\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 00DE006C
.text C:\windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 00DE00E4
.text C:\windows\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00DE0030
.text C:\windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 77526D0C 3 Bytes JMP 00DE00A8
.text C:\windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA + 4 77526D10 1 Byte [89]
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00230120
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0023006C
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002300E4
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00230030
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1584] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002300A8
.text C:\Program Files\IDT\WDM\sttray.exe[1860] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\IDT\WDM\sttray.exe[1860] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\IDT\WDM\sttray.exe[1860] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001F0120
.text C:\Program Files\IDT\WDM\sttray.exe[1860] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001F006C
.text C:\Program Files\IDT\WDM\sttray.exe[1860] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP

#21 Post by Narfyk »

001F00E4
.text C:\Program Files\IDT\WDM\sttray.exe[1860] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001F0030
.text C:\Program Files\IDT\WDM\sttray.exe[1860] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001F00A8
.text C:\windows\system32\atieclxx.exe[1916] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\windows\system32\atieclxx.exe[1916] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\windows\system32\atieclxx.exe[1916] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00180120
.text C:\windows\system32\atieclxx.exe[1916] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0018006C
.text C:\windows\system32\atieclxx.exe[1916] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001800E4
.text C:\windows\system32\atieclxx.exe[1916] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00180030
.text C:\windows\system32\atieclxx.exe[1916] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001800A8
.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2008] kernel32.dll!SetUnhandledExceptionFilter 76C33D01 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\windows\System32\spoolsv.exe[2028] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\System32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00140120
.text C:\windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0014006C
.text C:\windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001400E4
.text C:\windows\System32\spoolsv.exe[2028] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00140030
.text C:\windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001400A8
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 002F0120
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 002F006C
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002F00E4
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 002F0030
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2096] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002F00A8
.text C:\windows\system32\svchost.exe[2168] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[2168] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[2168] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00150120
.text C:\windows\system32\svchost.exe[2168] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0015006C
.text C:\windows\system32\svchost.exe[2168] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001500E4
.text C:\windows\system32\svchost.exe[2168] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00150030
.text C:\windows\system32\svchost.exe[2168] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001500A8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe[2248] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe[2248] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2288] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\windows\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00740120
.text C:\windows\system32\svchost.exe[2312] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0074006C
.text C:\windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 007400E4
.text C:\windows\system32\svchost.exe[2312] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00740030
.text C:\windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 007400A8
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0009006C
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00090030
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00140120
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0014006C
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001400E4
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00140030
.text D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE[2360] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001400A8
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2436] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00180120
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0018006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001800E4
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00180030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2472] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001800A8
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2496] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00220120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0022006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002200E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00220030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2540] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002200A8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2568] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] user32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] user32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] user32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] user32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\Program Files\PDF Complete\pdfsvc.exe[2608] user32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0015006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00150030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00180120
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0018006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001800E4
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00180030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2676] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001800A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00140120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0014006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001400E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00140030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2716] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001400A8
.text C:\windows\system32\svchost.exe[2764] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[2764] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001F0120
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001F006C
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001F00E4
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001F0030
.text D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2820] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001F00A8
.text C:\windows\system32\uArcCapture.exe[2864] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\windows\system32\uArcCapture.exe[2864] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\windows\system32\uArcCapture.exe[2864] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00180120
.text C:\windows\system32\uArcCapture.exe[2864] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0018006C
.text C:\windows\system32\uArcCapture.exe[2864] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001800E4
.text C:\windows\system32\uArcCapture.exe[2864] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00180030
.text C:\windows\system32\uArcCapture.exe[2864] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001800A8
.text C:\windows\System32\svchost.exe[2888] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\System32\svchost.exe[2888] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\System32\svchost.exe[2888] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00240120
.text C:\windows\System32\svchost.exe[2888] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0024006C
.text C:\windows\System32\svchost.exe[2888] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002400E4
.text C:\windows\System32\svchost.exe[2888] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00240030
.text C:\windows\System32\svchost.exe[2888] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002400A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 000A006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 000A0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00140120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0014006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001400E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00140030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001400A8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001F0120
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001F006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001F0030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3004] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001F00A8
.text C:\windows\system32\wbem\unsecapp.exe[3112] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\wbem\unsecapp.exe[3112] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\unsecapp.exe[3112] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 000F0120
.text C:\windows\system32\wbem\unsecapp.exe[3112] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 000F006C
.text C:\windows\system32\wbem\unsecapp.exe[3112] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000F00E4
.text C:\windows\system32\wbem\unsecapp.exe[3112] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 000F0030
.text C:\windows\system32\wbem\unsecapp.exe[3112] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00100120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0010006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001000E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00100030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3156] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001000A8
.text C:\windows\system32\Dwm.exe[3220] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 000A006C
.text C:\windows\system32\Dwm.exe[3220] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 000A0030
.text C:\windows\system32\Dwm.exe[3220] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00130120
.text C:\windows\system32\Dwm.exe[3220] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0013006C
.text C:\windows\system32\Dwm.exe[3220] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001300E4
.text C:\windows\system32\Dwm.exe[3220] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00130030
.text C:\windows\system32\Dwm.exe[3220] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001300A8
.text C:\windows\system32\wbem\wmiprvse.exe[3300] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C

Narfyk
Exemplary visitor
Posts: 208
Joined: 07 Jun 2010 17:54
Location: SK

Re: Preventive check..... -for motji

#22 Post by Narfyk »

.text C:\windows\system32\wbem\wmiprvse.exe[3300] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\wmiprvse.exe[3300] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00140120
.text C:\windows\system32\wbem\wmiprvse.exe[3300] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0014006C
.text C:\windows\system32\wbem\wmiprvse.exe[3300] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001400E4
.text C:\windows\system32\wbem\wmiprvse.exe[3300] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00140030
.text C:\windows\system32\wbem\wmiprvse.exe[3300] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001400A8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00200120
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0020006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002000E4
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00200030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3420] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002000A8
.text C:\windows\system32\svchost.exe[3532] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[3532] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\DllHost.exe[3620] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0005006C
.text C:\windows\system32\DllHost.exe[3620] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00050030
.text C:\windows\system32\DllHost.exe[3620] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00070120
.text C:\windows\system32\DllHost.exe[3620] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0007006C
.text C:\windows\system32\DllHost.exe[3620] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000700E4
.text C:\windows\system32\DllHost.exe[3620] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00070030
.text C:\windows\system32\DllHost.exe[3620] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000700A8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00190120
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0019006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001900E4
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00190030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3668] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001900A8
.text C:\windows\system32\svchost.exe[3760] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[3760] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[3760] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00180120
.text C:\windows\system32\svchost.exe[3760] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0018006C
.text C:\windows\system32\svchost.exe[3760] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001800E4
.text C:\windows\system32\svchost.exe[3760] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00180030
.text C:\windows\system32\svchost.exe[3760] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001800A8
.text C:\windows\Explorer.EXE[3864] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\Explorer.EXE[3864] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\Explorer.EXE[3864] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00110120
.text C:\windows\Explorer.EXE[3864] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0011006C
.text C:\windows\Explorer.EXE[3864] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001100E4
.text C:\windows\Explorer.EXE[3864] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00110030
.text C:\windows\Explorer.EXE[3864] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001100A8
.text C:\windows\system32\taskhost.exe[3964] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0009006C
.text C:\windows\system32\taskhost.exe[3964] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00090030
.text C:\windows\system32\taskhost.exe[3964] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 000B0120
.text C:\windows\system32\taskhost.exe[3964] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 000B006C
.text C:\windows\system32\taskhost.exe[3964] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000B00E4
.text C:\windows\system32\taskhost.exe[3964] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 000B0030
.text C:\windows\system32\taskhost.exe[3964] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000B00A8
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 001F0120
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 001F006C
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 001F0030
.text C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe[3980] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001F00A8
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00230120
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0023006C
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002300E4
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00230030
.text D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe[4284] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002300A8
.text C:\Windows\System32\rundll32.exe[4296] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0007006C
.text C:\Windows\System32\rundll32.exe[4296] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00070030
.text C:\Windows\System32\rundll32.exe[4296] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00090120
.text C:\Windows\System32\rundll32.exe[4296] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0009006C
.text C:\Windows\System32\rundll32.exe[4296] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000900E4
.text C:\Windows\System32\rundll32.exe[4296] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00090030
.text C:\Windows\System32\rundll32.exe[4296] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000900A8
.text C:\Windows\WindowsMobile\wmdc.exe[4332] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Windows\WindowsMobile\wmdc.exe[4332] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Windows\WindowsMobile\wmdc.exe[4332] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00100120
.text C:\Windows\WindowsMobile\wmdc.exe[4332] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0010006C
.text C:\Windows\WindowsMobile\wmdc.exe[4332] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001000E4
.text C:\Windows\WindowsMobile\wmdc.exe[4332] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00100030
.text C:\Windows\WindowsMobile\wmdc.exe[4332] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001000A8
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00250120
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0025006C
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002500E4
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00250030
.text D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4484] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002500A8
.text C:\windows\system32\svchost.exe[4576] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[4576] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00210120
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0021006C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002100E4
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00210030
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4760] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002100A8
.text C:\windows\system32\SearchIndexer.exe[4908] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\SearchIndexer.exe[4908] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\SearchIndexer.exe[4908] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00100120
.text C:\windows\system32\SearchIndexer.exe[4908] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0010006C
.text C:\windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001000E4
.text C:\windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00100030
.text C:\windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001000A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00110120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0011006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 001100E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00110030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 001100A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00580120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0058006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 005800E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00580030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5176] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 005800A8
.text C:\windows\System32\svchost.exe[5552] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 000A006C
.text C:\windows\System32\svchost.exe[5552] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 000A0030
.text C:\windows\System32\svchost.exe[5552] user32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 004A0120
.text C:\windows\System32\svchost.exe[5552] user32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 004A006C
.text C:\windows\System32\svchost.exe[5552] user32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 004A00E4
.text C:\windows\System32\svchost.exe[5552] user32.dll!SetWinEventHook 775024DC 5 Bytes JMP 004A0030
.text C:\windows\System32\svchost.exe[5552] user32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 004A00A8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00340120
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0034006C
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 003400E4
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00340030
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5672] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 003400A8
.text C:\Users\Admin\Desktop\gmer.exe[5736] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C
.text C:\Users\Admin\Desktop\gmer.exe[5736] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Users\Admin\Desktop\gmer.exe[5736] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00310120
.text C:\Users\Admin\Desktop\gmer.exe[5736] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0031006C
.text C:\Users\Admin\Desktop\gmer.exe[5736] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 003100E4
.text C:\Users\Admin\Desktop\gmer.exe[5736] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00310030
.text C:\Users\Admin\Desktop\gmer.exe[5736] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 003100A8
.text C:\windows\system32\wbem\wmiprvse.exe[5952] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\system32\wbem\wmiprvse.exe[5952] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\wmiprvse.exe[5952] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00090120
.text C:\windows\system32\wbem\wmiprvse.exe[5952] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0009006C
.text C:\windows\system32\wbem\wmiprvse.exe[5952] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 000900E4
.text C:\windows\system32\wbem\wmiprvse.exe[5952] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00090030
.text C:\windows\system32\wbem\wmiprvse.exe[5952] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 000900A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0016006C

Narfyk
Exemplary visitor
Posts: 208
Joined: 07 Jun 2010 17:54
Location: SK

Re: Preventive check..... -for motji

#23 Post by Narfyk »

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00160030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00240120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0024006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002400E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00240030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6044] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002400A8
.text C:\windows\explorer.exe[8152] ntdll.dll!LdrUnloadDll 778EC8DE 5 Bytes JMP 0006006C
.text C:\windows\explorer.exe[8152] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 00060030
.text C:\windows\explorer.exe[8152] USER32.dll!UnhookWindowsHookEx 774FADF9 5 Bytes JMP 00210120
.text C:\windows\explorer.exe[8152] USER32.dll!UnhookWinEvent 774FB750 5 Bytes JMP 0021006C
.text C:\windows\explorer.exe[8152] USER32.dll!SetWindowsHookExW 774FE30C 5 Bytes JMP 002100E4
.text C:\windows\explorer.exe[8152] USER32.dll!SetWinEventHook 775024DC 5 Bytes JMP 00210030
.text C:\windows\explorer.exe[8152] USER32.dll!SetWindowsHookExA 77526D0C 5 Bytes JMP 002100A8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisCloseAdapter] [90AC6100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisOpenAdapter] [90AC590E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisDeregisterProtocol] [90AC406C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisRegisterProtocol] [90AC5AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [90AC6100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [90AC590E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [90AC406C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [90AC5AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [90AC5AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [90AC6100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [90AC590E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [90AC406C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [90AC5AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [90AC406C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [90AC6100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [90AC590E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72BD2437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72BB5600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72BB56BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [72BD24B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72BC8514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72BC4CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72BC506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72BC5144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72BC6671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72BC826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72BC87BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72BC901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72BCE1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[3864] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72BC4BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4296] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4296] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4296] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4296] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipAlloc] [72BD2437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusStartup] [72BB5600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [72BB56BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipFree] [72BD24B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [72BC8514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [72BC4CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [72BC506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [72BC5144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [72BC6671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [72BC826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [72BC87BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [72BC901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [72BCE1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\explorer.exe[8152] @ C:\windows\explorer.exe [gdiplus.dll!GdipCloneImage] [72BC4BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 861F11E8
Device \FileSystem\fastfat \FatCdrom 872CC1E8
Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-0 8731B1E8
Device \Driver\usbehci \Device\USBPDO-1 8731B1E8

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{3F2991A9-E4CB-4840-A808-B1425092A4F7} 8552C430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86F211E8
Device \Driver\iaStor \Device\Ide\iaStor0 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B2CB390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86F211E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 86F211E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom3 86F211E8
Device \Driver\cdrom \Device\CdRom4 86F211E8
Device \Driver\cdrom \Device\CdRom5 86F211E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8552C430
Device \Driver\BTHUSB \Device\00000091 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbehci \Device\USBFDO-0 8731B1E8
Device \Driver\usbehci \Device\USBFDO-1 8731B1E8
Device \Driver\PCI_PNP7349 \Device\0000006f sptd.sys
Device \Driver\PCI_PNP7349 \Device\0000006f sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{BAB71129-EF19-4438-A8D6-E234585981B2} 8552C430
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target1Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target3Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target2Lun0 8739C1E8
Device \Driver\anzyeou9 \Device\Scsi\anzyeou91Port1Path0Target0Lun0 8739C1E8
Device \FileSystem\fastfat \Fat 872CC1E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c6c2b3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA6 0x5A 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0x68 0x7D 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x0A 0x63 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xE9 0x18 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xE5 0x5F 0x76 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x18 0xC5 0x9F 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c6c2b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xA6 0x5A 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0x68 0x7D 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x0A 0x63 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xE9 0x18 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xE5 0x5F 0x76 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x18 0xC5 0x9F 0x77 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\torrentdownload\IZotope Ozone\x2122 v4.01 + Keygen [GLADRAG_MANHUNT] [H33T]\iZotope_Ozone_Setup_v4_01.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Admin\Downloads\Amazing Hardstyle Kick .flp by DJ Frozen\Amazing Hardstyle Kick .flp by DJ Frozen\VST\xb4s Used\V-Station 1.20\Novation.V-Station.VSTi.v1.5.1.incl.Keygen-AiR\Novation.V-Station.VSTi.v1.5.1.incl.Keygen-AiR\Setup.exe 1

---- EOF - GMER 1.0.15 ----

THANK YOU for the help so far :) :worship:

motji

Re: Preventive check..... -for motji

#24 Post by motji »

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon and run it
- choose the Start scan option - then confirm the start of the scan
- if the program finds an infected file, it will show you the preselected action Cure; in that case, confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not ask for a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log does not appear, it is saved in your root directory.

Narfyk

Re: Preventive check..... -for motji

#25 Post by Narfyk »

2011/03/24 18:13:55.0078 0756 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 18:13:57.0091 0756 ================================================================================
2011/03/24 18:13:57.0091 0756 SystemInfo:
2011/03/24 18:13:57.0091 0756
2011/03/24 18:13:57.0091 0756 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/24 18:13:57.0091 0756 Product type: Workstation
2011/03/24 18:13:57.0091 0756 ComputerName: PC4
2011/03/24 18:13:57.0091 0756 UserName: Admin
2011/03/24 18:13:57.0091 0756 Windows directory: C:\windows
2011/03/24 18:13:57.0091 0756 System windows directory: C:\windows
2011/03/24 18:13:57.0091 0756 Processor architecture: Intel x86
2011/03/24 18:13:57.0091 0756 Number of processors: 4
2011/03/24 18:13:57.0091 0756 Page size: 0x1000
2011/03/24 18:13:57.0091 0756 Boot type: Normal boot
2011/03/24 18:13:57.0091 0756 ================================================================================
2011/03/24 18:13:58.0854 0756 Initialize success
2011/03/24 18:14:01.0880 6984 ================================================================================
2011/03/24 18:14:01.0880 6984 Scan started
2011/03/24 18:14:01.0880 6984 Mode: Manual;
2011/03/24 18:14:01.0880 6984 ================================================================================
2011/03/24 18:14:02.0988 6984 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/03/24 18:14:03.0050 6984 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/03/24 18:14:03.0097 6984 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/03/24 18:14:03.0144 6984 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/03/24 18:14:03.0206 6984 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/03/24 18:14:03.0253 6984 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/03/24 18:14:03.0331 6984 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/03/24 18:14:03.0409 6984 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys
2011/03/24 18:14:03.0471 6984 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\windows\system32\drivers\afd.sys
2011/03/24 18:14:03.0565 6984 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
2011/03/24 18:14:03.0612 6984 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/03/24 18:14:03.0736 6984 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/03/24 18:14:03.0783 6984 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/03/24 18:14:03.0814 6984 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/03/24 18:14:03.0846 6984 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/03/24 18:14:03.0877 6984 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/24 18:14:04.0064 6984 amdkmdag (31d721abb4e9f25916398f67b56da997) C:\windows\system32\DRIVERS\atikmdag.sys
2011/03/24 18:14:04.0220 6984 amdkmdap (4e963590b19a0cfae12055316b23a86b) C:\windows\system32\DRIVERS\atikmpag.sys
2011/03/24 18:14:04.0267 6984 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/03/24 18:14:04.0314 6984 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
2011/03/24 18:14:04.0345 6984 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/03/24 18:14:04.0376 6984 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
2011/03/24 18:14:04.0438 6984 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/03/24 18:14:04.0548 6984 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/03/24 18:14:04.0594 6984 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/03/24 18:14:04.0626 6984 ARCVCAM (74fc764f43e68548b9024773cb94979c) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
2011/03/24 18:14:04.0657 6984 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\windows\system32\drivers\aswFsBlk.sys
2011/03/24 18:14:04.0719 6984 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\windows\system32\drivers\aswMonFlt.sys
2011/03/24 18:14:04.0766 6984 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\windows\system32\drivers\aswRdr.sys
2011/03/24 18:14:04.0891 6984 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\windows\system32\drivers\aswSnx.sys
2011/03/24 18:14:04.0953 6984 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\windows\system32\drivers\aswSP.sys
2011/03/24 18:14:05.0016 6984 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\windows\system32\drivers\aswTdi.sys
2011/03/24 18:14:05.0062 6984 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/24 18:14:05.0156 6984 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/03/24 18:14:05.0218 6984 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2011/03/24 18:14:05.0281 6984 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\windows\system32\drivers\AtiHdmi.sys
2011/03/24 18:14:05.0390 6984 atikmdag (31d721abb4e9f25916398f67b56da997) C:\windows\system32\DRIVERS\atikmdag.sys
2011/03/24 18:14:05.0577 6984 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/03/24 18:14:05.0640 6984 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/03/24 18:14:05.0671 6984 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/03/24 18:14:05.0702 6984 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/03/24 18:14:05.0733 6984 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/03/24 18:14:05.0749 6984 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/03/24 18:14:05.0780 6984 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/03/24 18:14:05.0811 6984 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/03/24 18:14:05.0842 6984 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/03/24 18:14:05.0858 6984 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/03/24 18:14:05.0874 6984 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/03/24 18:14:05.0983 6984 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
2011/03/24 18:14:06.0014 6984 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/03/24 18:14:06.0061 6984 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/03/24 18:14:06.0076 6984 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\windows\System32\Drivers\BTHport.sys
2011/03/24 18:14:06.0108 6984 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\windows\System32\Drivers\BTHUSB.sys
2011/03/24 18:14:06.0154 6984 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\windows\system32\drivers\btwaudio.sys
2011/03/24 18:14:06.0201 6984 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\DRIVERS\btwavdt.sys
2011/03/24 18:14:06.0248 6984 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/03/24 18:14:06.0342 6984 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
2011/03/24 18:14:06.0373 6984 Bulk (b5414dc7fd0ececdd245c9bc6af65a00) C:\windows\system32\Drivers\HDJBulk.sys
2011/03/24 18:14:06.0622 6984 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/24 18:14:06.0669 6984 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
2011/03/24 18:14:06.0716 6984 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/03/24 18:14:06.0763 6984 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\windows\system32\DRIVERS\cledx.sys
2011/03/24 18:14:06.0810 6984 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/03/24 18:14:06.0888 6984 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/24 18:14:06.0919 6984 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/03/24 18:14:06.0966 6984 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/03/24 18:14:06.0997 6984 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/24 18:14:07.0044 6984 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/03/24 18:14:07.0106 6984 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/03/24 18:14:07.0153 6984 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\windows\system32\DRIVERS\DAMDrv.sys
2011/03/24 18:14:07.0262 6984 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/03/24 18:14:07.0293 6984 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/03/24 18:14:07.0356 6984 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/03/24 18:14:07.0402 6984 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/03/24 18:14:07.0449 6984 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\windows\system32\DRIVERS\dtsoftbus01.sys
2011/03/24 18:14:07.0496 6984 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/24 18:14:07.0636 6984 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/03/24 18:14:07.0746 6984 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/03/24 18:14:07.0777 6984 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/03/24 18:14:07.0824 6984 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/03/24 18:14:07.0902 6984 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/03/24 18:14:07.0933 6984 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/03/24 18:14:14.0095 6984 SafeBoot (fbf042e3750acbf512e599b37b75bb53) C:\windows\system32\drivers\SafeBoot.sys
2011/03/24 18:14:14.0095 6984 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: fbf042e3750acbf512e599b37b75bb53
2011/03/24 18:14:14.0095 6984 SafeBoot - detected Locked file (1)
2011/03/24 18:14:15.0031 6984 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\windows\System32\Drivers\sptd.sys
2011/03/24 18:14:15.0031 6984 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
2011/03/24 18:14:15.0031 6984 sptd - detected Locked file (1)
2011/03/24 18:14:18.0478 6984 ================================================================================
2011/03/24 18:14:18.0478 6984 Scan finished
2011/03/24 18:14:18.0478 6984 ================================================================================
2011/03/24 18:14:18.0478 5292 Detected object count: 2
2011/03/24 18:14:27.0090 5292 Locked file(SafeBoot) - User select action: Skip
2011/03/24 18:14:27.0090 5292 Locked file(sptd) - User select action: Skip

Hopefully I didn't sc*** anything up.


#26 Post by motji »

No, it's fine.
How is the computer behaving?


#27 Post by Narfyk »

OK, I've finally managed to uninstall DAEMON :D.
And what is that SafeBoot.sys for? :)


#28 Post by motji »

Do you have an HP notebook?
That's data encryption, or something like that; whatever you do, don't delete it. Now that Daemon is gone, please run gmer again :)


#29 Post by Narfyk »

Sorry again for the delay (I missed quite a lot of school last week, so I had to catch up on notes, tests, etc...).
I hope it's not a problem that I only uninstalled DAEMON (I didn't do the other things).
1.:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-31 14:14:26
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgddapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91A8983C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [8BB3F390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BB3F390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BB3F390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs 869F11E8
Device \FileSystem\fastfat \Fat 87AA41E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#30 Post by Narfyk »

2.:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-31 15:01:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgddapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91A74A68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x90EA9BBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x90EAA48A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x90EA9610]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90EA2E42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90EC4760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x90EAA11A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90EBE5AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90EBE9D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90EC8EE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90EBEE4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x90EAA278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90EA3B7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90EC6212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90EC5B06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90EBD38E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91A74B18]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90EC6BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90EC6E1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90EC72D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90EA3730]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90EC0AD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x90EC06C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91A74BB0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90EC7CB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90EC759A]
