Please check: Strange internet behaviour

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

RudazBrna
Level 1
Posts: 84
Registered: October 08
Gender: Unspecified
Status: Offline

Re: Please check: Strange internet behaviour

Post by RudazBrna » 14 Nov 2009 14:48

2009-11-07 13:13 . 2000-11-07 15:19 1614 ------w- c:\worms\data\Level\Hospital\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2050 ------w- c:\worms\data\Custom\Hell\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2050 ------w- c:\worms\data\Level\Hell\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1813 ------w- c:\worms\data\Custom\-Farm\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 957 ------w- c:\worms\data\Custom\-Forest\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 957 ------w- c:\worms\data\Custom\Forest\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1281 ------w- c:\worms\data\Custom\Fruit\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2404 ------w- c:\worms\data\Custom\Gulf\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 957 ------w- c:\worms\data\Level\-Forest\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1281 ------w- c:\worms\data\Level\Fruit\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2065 ------w- c:\worms\data\Custom\Easter\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2065 ------w- c:\worms\data\Level\Easter\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1813 ------w- c:\worms\data\Level\Medieval\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2404 ------w- c:\worms\data\Custom\-Desert\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2048 ------w- c:\worms\data\Custom\Dinos\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 909 ------w- c:\worms\data\Custom\Domestic\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1799 ------w- c:\worms\data\Custom\Dungeon\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2048 ------w- c:\worms\data\Level\Dinos\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 909 ------w- c:\worms\data\Level\Domestic\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1799 ------w- c:\worms\data\Level\Dungeon\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1913 ------w- c:\worms\data\Custom\Construction\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1674 ------w- c:\worms\data\Custom\Desert\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1913 ------w- c:\worms\data\Level\Construction\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1674 ------w- c:\worms\data\Level\Desert\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2404 ------w- c:\worms\data\Level\Gulf\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2357 ------w- c:\worms\data\Custom\Cheese\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2357 ------w- c:\worms\data\Level\Cheese\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2087 ------w- c:\worms\data\Custom\-Beach\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1864 ------w- c:\worms\data\Custom\Art\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 1864 ------w- c:\worms\data\Level\Art\SOIL.IMG
2009-11-07 13:13 . 2000-11-07 15:19 2087 ------w- c:\worms\data\Level\Pirate\SOIL.IMG
2009-11-07 13:13 . 1999-05-20 00:44 1403 ------w- c:\worms\data\filter.FTR
2009-11-07 13:13 . 2000-12-01 13:20 237 ------w- c:\worms\DXLayouts\00000103.LYT
2009-11-07 13:13 . 2000-12-01 13:03 257 ------w- c:\worms\DXLayouts\00000130.LYT
2009-11-07 13:13 . 2000-12-01 14:17 137 ------w- c:\worms\DXLayouts\00000341.LYT
2009-11-07 13:13 . 2000-12-01 14:19 217 ------w- c:\worms\DXLayouts\00004940.LYT
2009-11-07 13:13 . 2000-12-01 13:26 517 ------w- c:\worms\DXLayouts\00004942.LYT
2009-11-07 13:13 . 2000-12-01 13:58 517 ------w- c:\worms\DXLayouts\00000133.LYT
2009-11-07 13:13 . 2000-12-01 14:01 317 ------w- c:\worms\DXLayouts\00000140.LYT
2009-11-07 13:13 . 2000-12-01 12:54 417 ------w- c:\worms\DXLayouts\00000141.LYT
2009-11-07 13:13 . 2000-12-01 14:01 357 ------w- c:\worms\DXLayouts\00000142.LYT
2009-11-07 13:13 . 2000-12-01 14:00 1077 ------w- c:\worms\DXLayouts\00000306.LYT
2009-11-07 13:13 . 2000-12-01 14:01 317 ------w- c:\worms\DXLayouts\00000326.LYT
2009-11-07 13:13 . 2000-12-01 13:19 357 ------w- c:\worms\DXLayouts\00000327.LYT
2009-11-07 13:13 . 2000-12-01 13:19 297 ------w- c:\worms\DXLayouts\00000328.LYT
2009-11-07 13:13 . 2000-12-01 13:15 997 ------w- c:\worms\DXLayouts\00004954.LYT
2009-11-07 13:13 . 2000-12-01 14:12 437 ------w- c:\worms\DXLayouts\00000200.LYT
2009-11-07 13:13 . 2000-12-01 14:03 1077 ------w- c:\worms\DXLayouts\00000204.LYT
2009-11-07 13:13 . 2000-12-01 13:12 217 ------w- c:\worms\DXLayouts\00000322.LYT
2009-11-07 13:13 . 2000-12-01 12:55 457 ------w- c:\worms\DXLayouts\00004941.LYT
2009-11-07 13:13 . 2000-12-01 14:19 437 ------w- c:\worms\DXLayouts\00004944.LYT
2009-11-07 13:13 . 2000-12-01 13:33 337 ------w- c:\worms\DXLayouts\00004945.LYT
2009-11-07 13:13 . 2000-12-01 13:02 277 ------w- c:\worms\DXLayouts\00004946.LYT
2009-11-07 13:13 . 2000-12-01 14:19 197 ------w- c:\worms\DXLayouts\00004953.LYT
2009-11-07 13:13 . 2000-12-01 13:57 177 ------w- c:\worms\DXLayouts\00000300.LYT
2009-11-07 13:13 . 2000-12-01 13:57 177 ------w- c:\worms\DXLayouts\00000301.LYT
2009-11-07 13:13 . 2000-12-01 14:01 377 ------w- c:\worms\DXLayouts\00000325.LYT
2009-11-07 13:13 . 2000-12-01 14:02 197 ------w- c:\worms\DXLayouts\00000354.LYT
2009-11-07 13:13 . 2000-12-01 14:08 177 ------w- c:\worms\DXLayouts\00004947.LYT
2009-11-07 13:13 . 2001-02-05 10:42 217 ------w- c:\worms\DXLayouts\00004948.LYT
2009-11-07 13:13 . 2000-12-01 14:12 217 ------w- c:\worms\DXLayouts\00004949.LYT
2009-11-07 13:13 . 2000-12-01 14:16 197 ------w- c:\worms\DXLayouts\00004952.LYT
2009-11-07 13:13 . 2000-12-01 12:53 217 ------w- c:\worms\DXLayouts\00000129.LYT
2009-11-07 13:13 . 2000-12-01 12:55 817 ------w- c:\worms\DXLayouts\00000209.LYT
2009-11-07 13:13 . 2000-12-01 12:55 1857 ------w- c:\worms\DXLayouts\00000210.LYT
2009-11-07 13:13 . 2000-12-01 13:59 897 ------w- c:\worms\DXLayouts\00000219.LYT
2009-11-07 13:13 . 2000-12-01 13:57 177 ------w- c:\worms\DXLayouts\00000287.LYT
2009-11-07 13:13 . 2000-12-01 13:57 177 ------w- c:\worms\DXLayouts\00000304.LYT
2009-11-07 13:13 . 2000-12-01 18:38 437 ------w- c:\worms\DXLayouts\00000305.LYT
2009-11-07 13:13 . 2000-12-01 12:53 317 ------w- c:\worms\DXLayouts\00000355.LYT
2009-11-07 13:13 . 2000-12-01 18:38 237 ------w- c:\worms\DXLayouts\00004939.LYT
2009-11-07 13:13 . 2000-11-27 12:32 4710 ------w- c:\worms\Wwp.ICO
2009-11-07 13:13 . 2000-12-01 12:53 997 ------w- c:\worms\DXLayouts\00000205.LYT
2009-11-07 13:13 . 2000-12-01 12:52 2077 ------w- c:\worms\DXLayouts\00000348.LYT
2009-11-07 13:13 . 2000-12-01 12:52 937 ------w- c:\worms\DXLayouts\00000356.LYT
2009-11-07 13:13 . 2000-12-01 18:38 177 ------w- c:\worms\DXLayouts\00000357.LYT
2009-11-07 13:13 . 1998-05-11 19:01 280576 ------w- c:\worms\MSVCRT.DLL
2009-11-07 13:13 . 1999-04-26 23:00 995383 ------w- c:\worms\MFC42.DLL
2009-11-07 13:13 . 1999-03-29 12:48 105472 ------w- c:\worms\ltfil10N.DLL
2009-11-07 13:13 . 1999-03-29 12:48 297984 ------w- c:\worms\ltkrn10N.dll
2009-11-07 13:13 . 1999-03-29 12:48 269312 ------w- c:\worms\LFCMP10N.DLL
2009-11-07 13:13 . 1999-03-29 12:48 31744 ------w- c:\worms\lflmb10N.dll
2009-11-07 13:13 . 1999-03-29 12:48 27648 ------w- c:\worms\lftga10N.dll
2009-11-07 13:13 . 1999-03-29 12:48 34304 ------w- c:\worms\lfbmp10N.dll
2009-11-07 13:13 . 2000-08-16 20:15 122880 ------w- c:\worms\Landgen.exe


------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 23:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-02-03 2181672]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-06 3367424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 8740864]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"Trust Gaming mouse"="c:\program files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 249856]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-06-07 1817600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-21 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
prf1D24.tmp [2008-10-11 0]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-1-21 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\cod5\\CoDWaWmp.exe"=
"c:\\cod5\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15236:TCP"= 15236:TCP:BitComet 15236 TCP
"15236:UDP"= 15236:UDP:BitComet 15236 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [20.1.2007 14:10 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [20.1.2007 14:10 5248]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [8.10.2008 22:22 17264]
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [19.7.2007 15:45 64616]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [19.7.2007 15:43 68208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7.2.2008 19:43 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.9.2002 18:21 22912]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [25.4.2009 0:33 603904]
R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [19.3.2002 12:15 36864]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [28.4.2008 17:02 1290240]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [21.1.2007 20:47 25088]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [18.10.2009 13:18 26804]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Krueger\Data aplikací\Mozilla\Firefox\Profiles\6l7o68rp.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Fraps - c:\program files\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 14:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A56CA90]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a56ca90
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,dd,fe,94,b1,12,e1,37,4e,b7,b3,fe,3e,03,9d,5b,c6,b9,66,bd,a8,ff,3c,
09,4d,4c,af,e2,27,a6,e9,cc,ff,95,eb,b8,9b,01,45,8f,29,78,ba,b7,bb,ea,54,8f,\
"??"=hex:07,e2,fd,da,29,3a,fa,10,3a,2b,ff,bd,40,30,e7,5d

[HKEY_USERS\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,da,2d,d5,a2,75,e2,6c,80,20,56,39,d8,a9,15,b6,d9,52,12,a4,fe,
58,f2,db,13,d0,91,50,20,43,66,06,d6,ac,76,97,d3,07,1d,d4,ad,ab,3f,9d,60,f3,\
"rkeysecu"=hex:bb,48,d0,9f,2e,ff,c4,b9,37,18,14,34,cd,87,7b,29
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2009-11-14 14:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-14 13:24
ComboFix2.txt 2009-11-07 17:50

Před spuštěním: 6 081 331 200
Po spuštění: 5 955 284 992

- - End Of File - - BBB77CD86DC0D011DD97A28143AD9B3E


Phew :D

RudazBrna
Level 1
Posts: 84
Registered: October 08
Gender: Unspecified
Status: Offline

Re: Please check: Strange internet behaviour

Post by RudazBrna » 14 Nov 2009 14:53

+ New check with HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:21, on 14.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\programy\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9302026500
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 8771 bytes

Step 2:
On VirusTotal: after uploading the file, this was displayed:
0 bytes size received / Se ha recibido un archivo vacio

Step 3:

I can't carry it out.. a 75Kb file was downloaded from the link; when I run it, a window appears for about 2 sec and then closes again, and that's it...

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check: Strange internet behaviour

Post by jaro3 » 15 Nov 2009 09:15

Download: Dr. Web CureIt
Run the update; after updating, press Start.
With the buttons at the bottom you can cure, delete, move or rename a file.

Download GMER from one of the following links:
http://hype.free.googlepages.com/gmer.zip
http://majorgeeks.com/GMER_d5198.html
http://www2.gmer.net/gmer.zip
Unpack it and save it to the desktop. Disconnect from the internet and close all other applications.
Double-click GMER to start the program.
Allow the gmer.sys driver when the program asks you.
A warning will appear and then it will ask whether it may run a scan: choose NO. Click on: >>>
Click on Settings, then tick the first 5 settings:
System Protection and Tracing
Processes
Save created processes to the log
Drivers
Save loaded drivers to the log

You will be prompted to restart the PC: allow it. After the restart, run GMER again and click on:
Rootkit tab.
Look at the right-hand side under Files and untick all drives except your C:\.
Make sure all the other boxes on the right are ticked except for Show All.
Click Scan and wait until the scan completes.
Do nothing else during the scan; you may prefer to deactivate the antivirus. At the end of the scan the STOP button changes to SCAN. When the scan is finished, click Copy, then right-click on the desktop and choose New > Text Document. Once the file is created, open it, right-click and choose Paste.
Save the file as: gmer.txt
Then paste the contents here.
If it won't start in normal mode, you can try it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

RudazBrna
Level 1
Posts: 84
Registered: October 08
Gender: Unspecified
Status: Offline

Re: Please check: Strange internet behaviour

Post by RudazBrna » 15 Nov 2009 21:15

Dr. found nothing in the normal scan; in the thorough scan it only moved 4 files as risky (they were from a video converter).

Here is the GMER log:
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-11-15 21:02:25
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT d346bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT d346bus.sys ZwQueryKey
SSDT d346bus.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT d346bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C80 8050450C 8 Bytes [ 1A, FA, 7B, B6, 10, F9, 7B, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504548 8 Bytes [ 34, 10, 7C, B6, 54, CD, 7B, ... ]
PAGENDSM NDIS.sys!NdisMIndicateStatus B9DA69EF 6 Bytes [ FF, 25, B0, EB, 7C, B6 ]

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe[168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[236] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\My Lockbox\flockbox.exe[248] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\My Lockbox\flockbox.exe[248] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\My Lockbox\flockbox.exe[248] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\My Lockbox\flockbox.exe[248] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\My Lockbox\flockbox.exe[248] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\My Lockbox\flockbox.exe[248] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\QuickTime\qttask.exe[256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\QuickTime\qttask.exe[256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[300] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\D-Link\Air Utility\AirCFG.exe[308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00140DB0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00140F54
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00140D24
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00140E3C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00140FE0
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[456] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00140EC8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[464] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\EXPERTool\TBPANEL.exe[512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\Program Files\Messenger\msmsgs.exe[560] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\Program Files\Messenger\msmsgs.exe[560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\Program Files\Messenger\msmsgs.exe[560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Program Files\Messenger\msmsgs.exe[560] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\Program Files\Messenger\msmsgs.exe[560] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\Program Files\Messenger\msmsgs.exe[560] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\Program Files\Messenger\msmsgs.exe[560] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Microsoft ActiveSync\rapimgr.exe[600] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[788] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateThread 7C8106C7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!WinExec 7C8623AD 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[884] KERNEL32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[884] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[884] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[908] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[908] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[908] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[908] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[952] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[952] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[952] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\savedump.exe[964] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\savedump.exe[964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\savedump.exe[964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720

Re: Please check: Strange internet behavior

Post by RudazBrna » 15 Nov 2009 21:17

.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[972] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[972] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[972] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[1036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[1036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wuauclt.exe[1036] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\wuauclt.exe[1036] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\wuauclt.exe[1036] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\ATKKBService.exe[1108] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\ATKKBService.exe[1108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\ATKKBService.exe[1108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrA.exe[1404] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[1456] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[1456] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[1456] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[1456] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\Krueger\Plocha\gmer.exe[1480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] WS2_32.dll!socket 71A94211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] WS2_32.dll!bind 71A94480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\PnkBstrB.exe[1552] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1788] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1788] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1788] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[1952] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[1952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetOpenW 771AAF29 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetOpenA 771B578E 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetOpenUrlA 771B5A5A 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[1952] WININET.dll!InternetOpenUrlW 771C5B72 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[1952] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[1952] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[1952] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] WS2_32.dll!socket 71A94211 5 Bytes JMP 001408C4
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] WS2_32.dll!bind 71A94480 5 Bytes JMP 00140838
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[2008] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00140950
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\D-Tools\daemon.exe[2016] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\D-Tools\daemon.exe[2016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\D-Tools\daemon.exe[2016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001407AC
.text C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00140004
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0014011C
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001404F0
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0014057C
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001403D8
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0014034C
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00140464
.text C:\Program Files\Winamp\winampa.exe[2044] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00140608
.text C:\Program Files\Winamp\winampa.exe[2044] USER32.dll!SetWindowsHookExW

Re: Please check: Strange internet behaviour

Post by RudazBrna » 15 Nov 2009 21:18

.text C:\Program Files\Winamp\winampa.exe[2044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00140720
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] WS2_32.dll!socket 71A94211 5 Bytes JMP 000708C4
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] WS2_32.dll!bind 71A94480 5 Bytes JMP 00070838
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00070950
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\TUProgSt.exe[2092] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\TUProgSt.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\TUProgSt.exe[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\WZCBDL Service\WZCBDLS.exe[2224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[2636] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[2636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[2636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[3320] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[3320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[3320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[3320] WS2_32.dll!socket 71A94211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[3320] WS2_32.dll!bind 71A94480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[3320] WS2_32.dll!connect 71A94A07 5 Bytes JMP 00080950

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8AC3C578
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 8AB98F60
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 8AB98F60
Device \Driver\fwdrv \Device\FWDRV IRP_MJ_READ 8A946AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8AA6C570
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8AA6C570
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8A8C4C20
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8AA6C570
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8AA6C570
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_CREATE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_CREATE_NAMED_PIPE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_CLOSE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_READ 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_WRITE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_QUERY_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SET_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_QUERY_EA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SET_EA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_FLUSH_BUFFERS 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_QUERY_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SET_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_DIRECTORY_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_FILE_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SHUTDOWN 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_LOCK_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_CLEANUP 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_CREATE_MAILSLOT 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_QUERY_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SET_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_POWER 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_DEVICE_CHANGE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_QUERY_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_SET_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 IRP_MJ_PNP 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE_NAMED_PIPE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_READ 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_WRITE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_QUERY_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SET_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_QUERY_EA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SET_EA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_FLUSH_BUFFERS 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_QUERY_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SET_VOLUME_INFORMATION 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DIRECTORY_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_FILE_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SHUTDOWN 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_LOCK_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLEANUP 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE_MAILSLOT 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_QUERY_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SET_SECURITY 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_POWER 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SYSTEM_CONTROL 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CHANGE 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_QUERY_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SET_QUOTA 8A949488
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_PNP 8A949488

Re: Please check: Strange internet behaviour

Post by RudazBrna » 15 Nov 2009 21:18


---- Modules - GMER 1.0.12 ----

Module _________ B9EA7000

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x49 0xDD 0xFE 0x94 ...
Reg \Registry\USER\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x07 0xE2 0xFD 0xDA ...
Reg \Registry\USER\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\License information@datasecu 0x73 0xDA 0x2D 0xD5 ...
Reg \Registry\USER\S-1-5-21-1409082233-1801674531-725345543-1003\Software\SecuROM\License information@rkeysecu 0xBB 0x48 0xD0 0x9F ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0766416E
ADS C:\Program Files\BitLord\Torrents\Futurama: Bender's Big Score [2007-DVDRip-H.264]-NewArtRiot.torrent
File C:\Program Files\My Lockbox\Checkthis

---- EOF - GMER 1.0.12 ----

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check: Strange internet behaviour

Post by jaro3 » 16 Nov 2009 10:17

Uninstall WinPatrol (if possible; there are probably only remnants left)
Uninstall ICQToolbar

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
File::
c:\documents and settings\host\Nabˇdka Start\Programy\Po spuçtŘnˇ\prf1D24.tmp
c:\program files\BillP Studios\WinPatrol\winpatrol.exe

Folder::
c:\program files\BillP Studios\WinPatrol

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinPatrol"=-

DDS::
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Test this on Virustotal:
c:\windows\system32\drivers\atapi.sys
Then paste the link to the result here.

Then try again:
Download MBR Rootkit Detector
- save it directly to drive C and run it
- after a moment it will create its log (mbr.log); paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

RudazBrna

Post by RudazBrna » 24 Nov 2009 21:59

Because I have been busy, and because of a problem I was trying to solve on the PC, I have not carried out the next step yet... however, that problem is related to this topic. Suddenly I cannot connect my external drive; I describe everything here: viewtopic.php?f=7&t=46919. In the end I was advised to turn to the HijackThis section, so I have another problem. Should I carry out the next step and send a new HijackThis log, or can the problem already be seen in the previous log?

jaro3

Post by jaro3 » 25 Nov 2009 08:05

Before running the ComboFix script, connect the external drive, then run the script, send the file to Virustotal, and then run MBR Rootkit Detector.

RudazBrna

Post by RudazBrna » 25 Nov 2009 16:20

When I connect the external drive, the PC freezes and absolutely nothing can be done with it, so I cannot make that log.
I have already done the test on Virustotal, and did it again today, and it always says:
0 bytes size received / Se ha recibido un archivo vacio

jaro3

Post by jaro3 » 25 Nov 2009 16:41

I meant: connect the external drive, turn on the PC, hold the F8 key and select Safe Mode.
Write whether it crashes then too.

The problem may also be in the HW, the power supply, etc.