Just nu i M3-nätverket
Gå till innehåll

stonnew

Medlem
  • Antal inlägg

    283
  • Gick med

  • Senaste besök

Allt postat av stonnew

  1. stonnew

    RFC 867

    Hejsan Jag behöver hjälp med att göra en implementation av RFC 867 (Daytime Protocol) i Python. Info finns på: http://www.faqs.org/rfcs/rfc867.html Jag bifogar en textfil, med min UDP-server och UDP-klient. Problemet är att jag vet inte hur man kan göra en implementation av klienten så att det inte skickar något. Det vill säga när klienten har anslutit sig, utan att skicka något, så ska den få tillbaka svar om tiden. Jag har sökt runt en del men det jag har hittat visar bara hur man kan göra om klienten ska skicka något, även om det bara är tomt. Jag behöver hjälp, hur kan jag göra?
  2. Tack så mycket! Missade den lilla detaljen som inte "syns" så att säga, men ändå finns där. Ändrade bara om foreach-satsen till följande: foreach ($arr1 as $i => $pass) { if(trim($pass) == trim($str)) { header('Location: test.php'); } } Tack så mycket igen!
  3. Jag försöker göra ett login-script där man kollar igenom en txt-fil efter rätt användarnamn och lösenord när man fyllt i ett formulär. Men jag förstår inte varför det inte fungerar? Jag har testat flera olika liknande kod. Det enda som fungerar är sista användarnamnet och lösenordet i filen, som står på sista raden. Men hur får jag så alla användarnamn fungerar som står i textfilen? Något tips? Vad gör jag fel? <? session_start(); if (isset($_POST["loggaut"])) { session_unset(); session_destroy();} if(isset($_POST["submit"])) { $a["namn"] = $_POST["id"]; $a["pass"] = $_POST["pass"]; $file = fopen("losen.txt","r"); $arr1; $ix = 0; while (!feof($file)) { $arr1[$ix] = fgets($file); ++$ix; } fclose($file); foreach ($arr1 as $i => $pass) { $b = explode(" ", $pass); if($b[0] == $a["namn"] && $b[1] == $a["pass"]) { header('Location: test.php'); } } } ?> <html> <head> <title>Inloggning</title></head> <body> <fieldset><legend><b>Logga in</b></legend> <form action="http://localhost/xampp/skol/lab2.php" method="post" name="login"> <table> <tr><td>Användarnamn: </td><td><input type="text" name="id" <? if($_POST["id"]) echo 'value="'.$_POST["id"].'"'?> ></td></tr> <tr><td>Lösenord: </td><td><input type="password" name="pass" <? if($_POST["pass"]) echo 'value="'.$_POST["pass"].'"'?> ></td></tr> <tr><td><input type="submit" name="submit" value="Skicka"> </table></form></fieldset> </body> </html>
  4. Jag ska göra ett Black Jack-spel men jag får följande fel när jag ska testa koden: error C2512: 'Card' : no appropriate default constructor available. Jag får felet på följande plats i koden: #include "StdAfx.h" #include "CardDeck.h" #include "Card.h" CardDeck::CardDeck() { m_next=0; for(int s=0; s <= 3; s++) { for(int v=1; v <= 13; v++) { Card kort(s,v); m_card[m_next++] = kort; } } }//CardDeck Card-klassen är följande: #pragma once #include "stdafx.h" #include <iostream> using namespace std; class Card { public: Card (int suite, int value); string toString(); int getValue(); int getSuite(); bool isAce(); private: int m_suite;//0-3 motsvarar färgerna på korten. int m_value;//1-13, valörerna }; Och konstruktorn för Card är följande: Card::Card(int suite, int value) { if(suite >= 0 && suite <= 3) m_suite = suite; if(value >= 1 && value <= 13) m_value = value; }//Card Ligger felet någonstans i ovanstående kod? Jag hittar verkligen inte felet, men som jag förstår är felet något med Card-konstruktorn? Har suttit och kollat igenom flera gånger och kommer inte vidare med programmet för jag kan inte testa det. Någon hjälp med vad som kan vara fel vore väldigt tacksamt.
  5. Jag har en Belkin N Wireless Router. Internet fungerar alldeles utmärkt för övrigt, men får inte igång Tversity Media Server så jag kan inte använda Tversity-programmet. Här nedanför är från mina nätverksanslutningar, jag har dock censurerat bort en del. [log]IP-konfiguration för Windows Värddatornamn . . . . . . . . . . : (hemligt) Primärt DNS-suffix . . . . . . . : Nodtyp . . . . . . . . . . . . . : Okänd IP-routning aktiverat . . . . . . : Nej WINS-proxy aktiverat . . . . . . : Nej Söklista för DNS-suffix . . . . . : (hemligt) Ethernet-kort Trådlös nätverksanslutning: Anslutningsspecifika DNS-suffix . : (hemligt) Beskrivning . . . . . . . . . . . : Broadcom 802.11a/b/g WLAN Fysisk adress . . . . . . . . . . : 00-hemligt DHCP aktiverat . . . . . . . . . : Ja Autokonfiguration aktiverat . . . : Ja IP-adress . . . . . . . . . . . . : 192.168.hemligt Nätmask . . . . . . . . . . . . . : 255.255.255.0 Standard-gateway . . . . . . . . : 192.168.hemligt DHCP-server . . . . . . . . . . . : 192.168.hemligt DNS-servrar . . . . . . . . . . . : 192.168.hemligt Lånet erhölls . . . . . . . . . . : den 23 januari 2011 12:25:51 Lånet upphör . . . . . . . . . . : den 23 januari 2011 14:25:51 Ethernet-kort Anslutning till lokalt nätverk: Medietillstånd . . . . . . . . . . : Mediet är frånkopplat Beskrivning . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont roller Fysisk adress . . . . . . . . . . : 00-hemligt[/log]
  6. Hur kan man generera ett visst antal slumpvist valda nummer? Det runkar med rand() funktionen men det blir samma siffror varje gång man kör programmet. Kan man använda srand() utan att mata den med tiden? För att få olika siffror varje gång programmet körs?
  7. Men om man kollar in följande guide: http://support.microsoft.com/kb/941206 Första steget där med Internet Gateway device, min står att den är frånkopplad. Alla andra steg har jag gjort och funkar i den guiden. Jag vill starta Tversity Media Server, det står att den är beroende av systemkomponenter som AFD och TCP/IP Protocol Driver. Vart hittar jag dessa? Och/eller får igång dem?
  8. Jag vill starta igång min UPnP-tjänst på min dator. Har en windows XP, men jag får det inte att fungera. Har sökt en del på google och många sidor verkar ha samma steg, förutom första steget med gateway. Jag kör på trådlöst nätverk och när jag går in på anslutningarna, så står det att den gateway som finns är frånkopplad och när jag försöka ansluta den så händer inget. Det ser inte likadant ut som i de guider jag hittat och som på min dator. Verkar som det finns en lite skillnad med trådlöst och kabel. Alla andra steg i de guider som finns har jag lyckats hittat och fått igång. Någon hjälp hur man kan fixa det med gateway?
  9. Nu har jag fixat alla ovanstående punkter och får tacka igen så mycket för all hjälp Program som RootRepeal, ATF-Cleaner, Gmer, MBRCheck och Bootkit Remover, är det bara att ta bort dessa genom att högerklicka och ta bort?
  10. Mapparna är nu borttagna. Nu fungerar det också att uppdatera virusdefinitionerna i Microsoft Security Essentials och det går även att ansluta till windows update. Men enligt Kasperskys genomsökning verkar datorn fortfarande vara infekterad. [log]-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: [/log] Här är även DDS-loggen: [log]DDS (Ver_10-03-17.01) [/log]
  11. Ingenting hittades när jag sökte igenom med MBAM. [log]ComboFix 10-07-22.01 [/log]
  12. [log]MBRCheck, version 1.1.1 © 2010, AD \\.\C: --> \\.\PhysicalDrive0 Size Device Name MBR Status -------------------------------------------- 37 GB \\.\PhysicalDrive0 MBR Code Faked! Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes: [ 0] Default (Windows XP) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] Cancel Please select the MBR code to write to this drive: Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code! Please reboot your computer to complete the fix. Done! Press ENTER to exit... [/log]
  13. [log]MBRCheck, version 1.1.1 © 2010, AD \\.\C: --> \\.\PhysicalDrive0 Size Device Name MBR Status -------------------------------------------- 37 GB \\.\PhysicalDrive0 MBR Code Faked! Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! Press ENTER to exit... [/log] [log]Bootkit Remover © 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 Size Device Name MBR Status -------------------------------------------- 37 GB \\.\PhysicalDrive0 Controlled by rootkit! Boot code on some of your physical disks is hidden by a rootkit. To disinfect the master boot sector, use the following command: remover.exe fix <device_name> To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] Done; Press any key to quit... [/log]
  14. Jag kan tyvärr inte hitta filen C:\WindowsSystem32\Drivers\a11ky2zh.SYS och även om det kanske var ett "snedstreck" som fattades så fanns filen a11ky2zh.SYS inte på datorn. Sökte efter den och gick igenom alla System32 mappar (sökte på system32 och letade igenom). Tror jag stängde av alla SQL-server tjänster. Gmer snabbgenomsökning: [log]GMER 1.0.15.15281 [/log] Gmer hela genomsökning: [log]GMER 1.0.15.15281 [/log] Rootrepeal [log]ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/07/26 14:41 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xED3BD000 Size: 876544 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEC772000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\windows\temp\sqlite_rtlbtues6ndes3u Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_6pcfotbjocufqva Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_97hndm5d0k2hlg9 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_bad8oe8s2eb3yha Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_bo5fpcq8obltv5n Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_gmzsqhrqsei1d3y Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_kimsp4dcncgsswg Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_l2cx6faaezgseli Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_lavj7l1gsalcqau Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_lr8qujat2kqc3ea Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_o5we2fphndvr2sd Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_or7xepwruccfnta Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_0wyp47iqaerbaja Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_2gukykux1ers52e Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_2r7emjm6rzj2fph Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_459oelbyply7c3a Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_6eakwieamiwwem8 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_szjrw9cdxhznrq8 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_tarosrxjlbx7stb Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_tmbgi7dcfax8fxb Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_tulmrajs8puymr7 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_vdb8znrip0geted Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_vniez7cdmyrop8o Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_w5k14hav8iwrv13 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_wevr5cokicuznyg Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_wnfbqzhrghlq3oh Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_xqnhdvaa4shoess Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_xqwen1dipi78lrv Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_y5dxkoducbhbedj Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_zmpofrmwyienopc Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\program\microsoft sql server\mssql.1\mssql\log\log_380.trc Status: Allocation size mismatch (API: 4096, Raw: 0) ==EOF== [/log]
  15. Snabbgenomsökningen: [log]GMER 1.0.15.15281 [/log] Hela genomsökningen: [log]GMER 1.0.15.15281 [/log]
  16. Har åtgärdat den gamla versionen av Java och gjort en snabbgenomsökning med MBAM, men den hittade inget. Laddar ner ny version av ComboFix imorgon och lägger upp en logg när det är gjort.
  17. Okej. Tack för hjälpen såhär långt ändå. Antar att den "nya" versionen av ComboFix kommer upp på bleepingcomputers hemsida? Sen vet jag inte om det har någon betydelse att säga det, men jag tror det var efter jag körde ComboFix första gången som datorn blev segare att starta. Inte så segt att man stör sig mycket på det, men längre än tidigare. Speciellt från det att man kommer till inloggningsrutan till windows och när den ska läsa in personliga inställningar tar det längre tid. Sen kanske det är värt att nämna att en hel del tjänster i windows stängs av, automatiska uppdateringar, några tjänster för att Internet ska fungera att ansluta till och ljudkontrollen för att nämna några. Det kanske blir så efter man kört ComboFix? Tänkte bara det kunde vara värt att nämna när du säger att du undrar vad ComboFix har för sig.
  18. Virustotal verkade inte hitta något på någon av filerna, här är i alla fall länkarna till sökningarna. C:\Qoobox\Quarantine\C\WINDOWS\system32\kernel32.dll.vir http://www.virustotal.com/sv/analisis/4aef0c3a65ff52602402c098e5315d654ad91eff877cb6c06603f58d74ce47de-1279835541 C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll http://www.virustotal.com/sv/analisis/4be35cd733674149dae29596b95195ff865db86921a6c833ea86dc78a0920701-1279835913 C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll http://www.virustotal.com/sv/analisis/a5ea975ac74df5aa1ec98d30f7d48f313f5ebe36768fa0b6c82bd062ba2e0c93-1279836066 C:\WINDOWS\ServicePackFiles\i386\kernel32.dll http://www.virustotal.com/sv/analisis/733534b1044875311676350b6c9369c9ab1a28afd8b54184f821a9ff1481ebb0-1279836433 C:\WINDOWS\SMINST\CD_Struct\I386\SYSTEM32\KERNEL32.DLL http://www.virustotal.com/sv/analisis/896e829b03f62c5381d7ad34bbbe45d23b1b3c2f0a45d707d8be227a05dbef75-1279836579
  19. [log]SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 22:08 on 22/07/2010 by Kristoffer Stenlund (Administrator - Elevation successful) ========== filefind ========== Searching for "kernel32.d*" C:\Qoobox\Quarantine\C\WINDOWS\system32\kernel32.dll.vir --a--- 1003520 bytes [12:00 02/03/2006] [14:09 21/03/2009] 7F06ACEFD3A4B040BB59822DED9B5474 C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll --a--- 1005568 bytes [14:03 21/03/2009] [14:03 21/03/2009] 7140C1C1AA3814D9772E1E744EADFEF7 C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll --a--c 997376 bytes [17:46 06/07/2009] [12:00 02/03/2006] 673505731AA42D4F635968C3754BEBF1 C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll --a--c 1003520 bytes [18:16 06/07/2009] [16:04 14/04/2008] 19563163BDBEA684ED7CACA71A0CC117 C:\WINDOWS\ERDNT\cache\kernel32.dll --a--- 1003520 bytes [20:55 21/07/2010] [14:09 21/03/2009] 7F06ACEFD3A4B040BB59822DED9B5474 C:\WINDOWS\ServicePackFiles\i386\kernel32.dll --a--- 1003520 bytes [16:04 14/04/2008] [16:04 14/04/2008] 19563163BDBEA684ED7CACA71A0CC117 C:\WINDOWS\SMINST\CD_Struct\I386\SYSTEM32\KERNEL32.DLL --a--- 1038336 bytes [17:12 06/07/2009] [14:00 25/03/2005] 10F9019A341A4EFEE249BB0E5324B001 C:\WINDOWS\system32\kernel32.dll --a--- 1003520 bytes [12:00 02/03/2006] [14:09 21/03/2009] 7F06ACEFD3A4B040BB59822DED9B5474 -=End Of File=-[/log]
  20. [log]ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/07/22 17:56 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xEBF82000 Size: 876544 File Visible: No Signed: - Status: - Name: PCI_PNP8458 Image Path: \Driver\PCI_PNP8458 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEC668000 Size: 49152 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: spwt.sys Image Path: spwt.sys Address: 0xF7393000 Size: 995328 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\windows\temp\sqlite_nyaz2x42rjaqbd1 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_uenjc9ucsuhy2zj Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\program\microsoft sql server\mssql.1\mssql\log\log_373.trc Status: Allocation size mismatch (API: 4096, Raw: 0) SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "spwt.sys" at address 0xf73940e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spwt.sys" at address 0xf73acda4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spwt.sys" at address 0xf73ad132 #: 119 Function Name: NtOpenKey Status: Hooked by "spwt.sys" at address 0xf73940c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spwt.sys" at address 0xf73ad20a #: 177 Function Name: NtQueryValueKey Status: Hooked by "spwt.sys" at address 0xf73ad08a #: 247 Function Name: NtSetValueKey Status: Hooked by "spwt.sys" at address 0xf73ad29c Stealth Objects ------------------- Object: Hidden Module [Name: kernel32.dll] Process: Reader_sl.exe (PID: 2992) Address: 0x7c800000 Size: 1019904 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_CREATE] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_CLOSE] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_POWER] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: anlafamuࠅఐ卆浩ઑ, IRP_MJ_PNP] Process: System Address: 0x85a05500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x85a2f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x85a721f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x85a0e500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x858f91f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x859fe500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_CREATE] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_CLOSE] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_READ] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_SHUTDOWN] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_CLEANUP] Process: System Address: 0x85887500 Size: 121 Object: Hidden Code [Driver: Cdfsࠅః瑎て泐㯨⣎㩀@, IRP_MJ_PNP] Process: System Address: 0x85887500 Size: 121 ==EOF==[/log]
  21. [log]ComboFix 10-07-21.01 [/log] Och nästa log kommer i ett nytt inlägg.
  22. Jag satt och funderade på om jag skulle ta med den eller inte, men det gör inget här är loggen. [log]ComboFix 10-07-21.01 [/log]
  23. [log]ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/07/22 15:35 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xEB8D0000 Size: 876544 File Visible: No Signed: - Status: - Name: PCI_PNP1674 Image Path: \Driver\PCI_PNP1674 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF76D7000 Size: 49152 File Visible: No Signed: - Status: - Name: spbb.sys Image Path: spbb.sys Address: 0xF7393000 Size: 995328 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\windows\temp\sqlite_gletllkrpsdhmtb Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_xpeohzrcjy8xaht Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\program\microsoft sql server\mssql.1\mssql\log\log_368.trc Status: Allocation size mismatch (API: 4096, Raw: 0) SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "spbb.sys" at address 0xf73940e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spbb.sys" at address 0xf73acda4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spbb.sys" at address 0xf73ad132 #: 119 Function Name: NtOpenKey Status: Hooked by "spbb.sys" at address 0xf73940c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spbb.sys" at address 0xf73ad20a #: 177 Function Name: NtQueryValueKey Status: Hooked by "spbb.sys" at address 0xf73ad08a #: 247 Function Name: NtSetValueKey Status: Hooked by "spbb.sys" at address 0xf73ad29c Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x865661f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_CREATE] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_CLOSE] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_POWER] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: a8ja7pk8ȅఉ浗灩, IRP_MJ_PNP] Process: System Address: 0x8597a1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8562a500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x85a861f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8583b500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x85a6f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x858a81f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_CREATE] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_CLOSE] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_READ] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_SET_INFORMATION] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_SHUTDOWN] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_CLEANUP] Process: System Address: 0x858c11f8 Size: 121 Object: Hidden Code [Driver: Cdfs؅瑎晦؁ఆ䵃怭仂, IRP_MJ_PNP] Process: System Address: 0x858c11f8 Size: 121 ==EOF==[/log]
×
×
  • Skapa nytt...