| Files | Log |
| sysbus32.sys |
---- System - GMER 1.0.8 ----
SSDT 8182860A ZwEnumerateKey
SSDT 818298B6 ZwQueryDirectoryFile
---- Devices - GMER 1.0.8 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 81828CEE
---- Services - GMER 1.0.8 ----
Service D:\WINDOWS\System32\DRIVERS\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32
---- Registry - GMER 1.0.8 ----
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ExtParam 0xF1 0x15 0x28 0xD4 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ExtParam 0xF1 0x15 0x28 0xD4 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ImagePath System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ExtParam 0xF1 0x15 0x28 0xD4 ...
---- Files - GMER 1.0.8 ----
File D:\WINDOWS\system32\drivers\sysbus32.sys
|
| avpe32.sys avpe64.sys avpe32.dll |
---- System - GMER 1.0.7 ----
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwCreateProcess
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwQueryDirectoryFile
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwQuerySystemInformation
---- Processes - GMER 1.0.7 ----
Process explorer.exe (*** hidden *** ) 1596
File D:\WINDOWS\system32\avpe32.dll
File D:\WINDOWS\system32\drivers\avpe64.sys
File D:\WINDOWS\system32\klgcptini.dat
File D:\WINDOWS\system32\stt82.ini
|
| i386p.sys |
---- System - GMER 1.0.6 ----
SSDT 81F7FA16 ZwEnumerateKey
SSDT 81F7FABA ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenProcess
SSDT 81F7F532 ZwQueryDirectoryFile
---- Devices - GMER 1.0.6 ----
Device \Driver\Tcpip IRP_MJ_CREATE 81F8057A
Device \Driver\i386p IRP_MJ_CREATE 81F7F3A4
File C:\99e21c81d36497c0228b\data\EURGEOM.DAT
File C:\99e21c81d36497c0228b\data\EURROUTE.DAT
File C:\99e21c81d36497c0228b\data\EURROUTE.DCT
File C:\99e21c81d36497c0228b\data\EURROUTE.VLF
File C:\99e21c81d36497c0228b\data\EUR_HD.MAD
File C:\99e21c81d36497c0228b\data\MSCREATE.DIR
File C:\99e21c81d36497c0228b\sp1\spmsg.dll
File C:\99e21c81d36497c0228b\sp1\spuninst.exe
File C:\99e21c81d36497c0228b\sp1\update
File C:\99e21c81d36497c0228b\sp1\update\eula.txt
File C:\99e21c81d36497c0228b\sp1\update\spcustom.dll
File C:\99e21c81d36497c0228b\sp1\update\update.exe
File C:\99e21c81d36497c0228b\sp2\spmsg.dll
File C:\99e21c81d36497c0228b\sp2\spuninst.exe
File C:\99e21c81d36497c0228b\sp2\update
File C:\99e21c81d36497c0228b\sp2\update\eula.txt
File C:\99e21c81d36497c0228b\sp2\update\spcustom.dll
File C:\99e21c81d36497c0228b\sp2\update\update.exe
File C:\99e21c81d36497c0228b\system\AM70407.DLL
File C:\99e21c81d36497c0228b\system\AUTOMAP7.EXE
File C:\99e21c81d36497c0228b\system\EUR70407.CHM
File C:\99e21c81d36497c0228b\system\EUR70407.DLL
File C:\99e21c81d36497c0228b\system\EUR70407.HLP
File C:\99e21c81d36497c0228b\system\MSCREATE.DIR
File C:\99e21c81d36497c0228b\system\MVUT21N.DLL
|
| isa32.sys + netpt.sys |
---- System - GMER 1.0.6 ----
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwQueryDirectoryFile
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwQuerySystemInformation
---- Devices - GMER 1.0.6 ----
Device \Driver\Tcpip IRP_MJ_CREATE isa32.sys
Device \Driver\Tcpip IRP_MJ_CLOSEIRP_MJ_READ isa32.sys
Device \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL isa32.sys
---- Processes - GMER 1.0.6 ----
Process svchost.exe (*** hidden *** ) 828
Process perfont.exe (*** hidden *** ) 1276
File C:\WINDOWS\system32\drivers\isa32.sys
File C:\WINDOWS\system32\main6.exe
File C:\WINDOWS\Prefetch\MAIN6.EXE-2CC0C9E7.pf
|
| zopenssld.sys |
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.9 ----
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
---- Processes - GMER 1.0.9 ----
Process ogolrs.exe (*** hidden *** ) 1928 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 1972 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2032 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2040 <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@nxsdrq C:\WINDOWS\system32\ogolrs.exe reg_run
Reg \Registry\USER\S-1-5-21-2000478354-764733703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run@kuaes C:\WINDOWS\system32\ogolrs.exe reg_run
---- Files - GMER 1.0.9 ----
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gobmx.exe
File C:\WINDOWS\mcusi.dll
File C:\WINDOWS\system32\epfpr.exe
File C:\WINDOWS\system32\ogolrs.exe
File C:\WINDOWS\system32\plmtcxj.exe
File C:\WINDOWS\system32\unolibu.dll
File C:\WINDOWS\system32\zopenssl.dll
File C:\WINDOWS\system32\zopenssld.sys <-- ROOTKIT !!!
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\system32\zopenssld.sys [SYSTEM] zopenssld <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----
|
| VT100.EXE |
GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2
---- Processes - GMER 1.0.10 ----
Process C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\system32\VT100.EXE
---- EOF - GMER 1.0.10 ----
|
| m_hook.sys |
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1
---- System - GMER 1.0.9 ----
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwQueryKey <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys ZwQuerySystemInformation <-- ROOTKIT !!!
---- Processes - GMER 1.0.9 ----
Process wintems.exe (*** hidden *** ) 1656 <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\USER\S-1-5-21-839522115-1303643608-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\WINDOWS\System32\wintems.exe
Reg \Registry\USER\S-1-5-21-839522115-1303643608-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Documents and Settings\Administrator\Dane aplikacji\hidires\hidr.exe
---- Files - GMER 1.0.9 ----
File C:\Documents and Settings\Administrator\Dane aplikacji\hidires
File C:\Documents and Settings\Administrator\Dane aplikacji\hidires\hidr.exe
File C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\wintems.exe
---- Services - GMER 1.0.9 ----
Service C:\Documents and Settings\Administrator\Dane aplikacji\hidires\m_hook.sys [MANUAL] m_hook <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----
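The logs above use one record format across GMER versions: `SSDT <owner> <function>`, `Device <driver> [<device>] <IRP_MJ_*> [[<addr>]] <handler>`, `Process|Service|Library ... (*** hidden *** )`, and `Reg <key>@<value> <data>`, with newer builds appending `<-- ROOTKIT !!!`. Older builds print a raw address as the SSDT owner or IRP handler when the hook points outside every loaded module, which is itself the signal (sysbus32.sys above hooks ZwEnumerateKey and ZwQueryDirectoryFile from 8182860A). The following Python triage script is an added example, not code from gmer.net or part of the GMER tool. It parses that format, re-joins registry values that were wrapped onto the next line, collapses doubled backslashes seen in copied logs, and applies heuristics that are this example's own assumptions: a hook owned by a raw address or by a module loaded from a user profile is high, a hook by a module outside `system32\drivers` is medium, a known module hooking a hiding API (ZwQueryDirectoryFile, ZwEnumerateKey, ...) is low, and Run-key entries are recorded as persistence. The embedded sample log is constructed from lines modeled on this page; the rule names and directory lists are not from GMER.

```python
"""Triage a GMER text log (added example; not part of GMER or gmer.net).

Rules, severities and the directory lists below are this example's own
assumptions. GMER itself only appends '<-- ROOTKIT !!!' to some lines; the
rest of the classification is a heuristic first pass, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

ROOTKIT_MARK = "<-- ROOTKIT !!!"
HEX_ADDR = re.compile(r"^[0-9A-F]{8}$")
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(\S+)$")
HIDDEN_RE = re.compile(r"^(Process|Service|Library)\s+.+?\(\*\*\* hidden \*\*\* \)")
DEVICE_RE = re.compile(
    r"^Device\s+(\S+)(?:\s+(\\Device\S*))?\s+(IRP_MJ_\S+)\s+(?:\[([0-9A-F]{8})\]\s+)?(\S+)$")
RUN_KEY_RE = re.compile(r"^Reg\s+\S*\\CurrentVersion\\Run\S*@")
# First word of each record type GMER emits; any other line is a wrapped continuation.
KEYWORDS = ("----", "GMER", "Windows", "Rootkit", "SSDT", "Device", "Process",
            "Library", "Module", "Reg", "File", "Service", "Thread", "Code")
DRIVER_DIRS = ("\\system32\\drivers\\",)                      # assumption: normal driver home
USER_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\tmp\\")  # assumption
# Native APIs hooked to hide files, registry keys and processes.
STEALTH_FUNCS = {"ZwQueryDirectoryFile", "ZwEnumerateKey", "ZwEnumerateValueKey",
                 "ZwQuerySystemInformation", "ZwOpenProcess"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    kind: str       # rule that fired
    line: str       # the normalised log record


def _records(log_text):
    """Return (record, gmer_marked) pairs: collapses doubled backslashes,
    splits off GMER's own marker and re-joins wrapped 'Reg' values."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip().replace("\\\\", "\\")
        if not line:
            continue
        marked = line.endswith(ROOTKIT_MARK)
        if marked:
            line = line[:-len(ROOTKIT_MARK)].rstrip()
        if records and records[-1][0].startswith("Reg ") and not line.startswith(KEYWORDS):
            prev, prev_marked = records[-1]          # value wrapped onto the next line
            records[-1] = (prev + " " + line, prev_marked or marked)
        else:
            records.append((line, marked))
    return records


def _classify(line, marked):
    if marked:
        return Finding("high", "gmer_flagged", line)
    m = SSDT_RE.match(line)
    if m:
        owner, func = m.groups()
        low = owner.lower()
        if HEX_ADDR.match(owner):                   # handler lies in no loaded module
            return Finding("high", "ssdt_hook_unowned", line)
        if any(d in low for d in USER_DIRS):
            return Finding("high", "ssdt_hook_user_profile", line)
        if "\\" in low and not any(d in low for d in DRIVER_DIRS):
            return Finding("medium", "ssdt_hook_outside_drivers", line)
        if func in STEALTH_FUNCS:                   # known module, but on a hiding API
            return Finding("low", "hook_on_stealth_api", line)
        return None
    if HIDDEN_RE.match(line):
        return Finding("high", "hidden_" + line.split()[0].lower(), line)
    m = DEVICE_RE.match(line)
    if m and HEX_ADDR.match(m.group(5)):            # IRP dispatch points outside any module
        return Finding("medium", "irp_hook_unowned", line)
    if RUN_KEY_RE.match(line):
        return Finding("medium", "run_key_persistence", line)
    return None


def triage(log_text):
    """Return findings in log order."""
    return [f for f in (_classify(l, m) for l, m in _records(log_text)) if f]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'medium': 3, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample modeled on the log lines on this page (not a real capture).
SAMPLE_LOG = r"""
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.9 ----
SSDT 8182860A ZwEnumerateKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwEnumerateKey
---- Devices - GMER 1.0.9 ----
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
---- Processes - GMER 1.0.9 ----
Process ogolrs.exe (*** hidden *** ) 1928 <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@nxsdrq C:\WINDOWS\system32\ogolrs.exe reg_run
Reg \Registry\USER\S-1-5-21-2000478354-764733703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run@kuaes
C:\WINDOWS\system32\ogolrs.exe reg_run
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Start 2
---- Services - GMER 1.0.9 ----
Service D:\WINDOWS\System32\DRIVERS\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32
---- EOF - GMER 1.0.9 ----
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.kind:26} {f.line}")
    print(summarize(found))
```

Run it against a saved log with `triage(open("gmer.log").read())`. A clean AV-protected host still produces `low` hits (klif.sys or d347bus.sys hooking enumeration APIs is expected for Kaspersky and Daemon Tools), so the `high` entries are what to read first; a hook by a raw address or a module under a user profile has no legitimate explanation in these samples.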
|
| drmpdate.sys |
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1
---- System - GMER 1.0.9 ----
SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
SSDT d347bus.sys ZwQueryKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]
---- Devices - GMER 1.0.9 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CREATE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CLOSEIRP_MJ_READ [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_WRITE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_QUERY_INFORMATION [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_INTERNAL_DEVICE_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SHUTDOWN [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SYSTEM_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_DEVICE_CHANGE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_PNP_POWER [F865776A] HIDCLASS.SYS
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82113F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\adpsSvc \Device\perRAME IRP_MJ_CREATE 81C721E7
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82147AD8
---- Processes - GMER 1.0.9 ----
Process UXTAKSIE.EXE (*** hidden *** ) 1208 <-- ROOTKIT !!!
Process ADSPTSVC.EXE (*** hidden *** ) 1216 <-- ROOTKIT !!!
---- Modules - GMER 1.0.9 ----
Module _________ F846A000
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\drivers\drmpdate.sys (*** hidden *** ) [SYSTEM] adpsSvc <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName adpsSvc
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HideUninstallerName C:\Program Files\Inturacy\lzedw400.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerPath C:\WINDOWS\System32\qosccr32.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerRegKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerParams /CTUN
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HDll C:\WINDOWS\System32\dxdstyle.dll
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ServerAddress adchannel.contextplus.net
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LegalNote http://adchannel.contextplus.net/legal-note/nonbranded.html
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PartnerId CP.IST2
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@InstallationId ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PageFiltering 1
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ClientName C:\Program Files\Inturacy\uxtaksie.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@AutoUpdater C:\WINDOWS\System32\adsptsvc.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Version 2.0.131
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@CrMnTmt 3600000
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@NxRestTm 2006:03:25-14:32:01:192
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LastAURestoreMsgTS 2006:03:25-13:32:01:442
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm\AU2
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName
ivdmt16.sys winlow.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600
---- System - GMER 1.0.9 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\!KillBox\drct16.dll
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\system32\cz.dll
File C:\WINDOWS\system32\drct16.dll
File C:\WINDOWS\system32\fltr.a3d
File C:\WINDOWS\system32\hz.sys
File C:\WINDOWS\system32\i.a3d
File C:\WINDOWS\system32\klogini.dll
File C:\WINDOWS\system32\mszx23.exe
File C:\WINDOWS\system32\p2.ini
File C:\WINDOWS\system32\redir.a3d
File C:\WINDOWS\system32\tnfl.a3d
File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\wz.sys
File D:\System Volume Information\tracking.log
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----
imaslip.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack 2
---- Devices - GMER 1.0.9 ----
Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390
---- Processes - GMER 1.0.9 ----
Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!
Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\WINDOWS\system32\drivers\imaslip.sys
File C:\WINDOWS\system32\lsacap32.exe
---- EOF - GMER 1.0.9 ----
alco8drv.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack 2
---- System - GMER 1.0.9 ----
---- Devices - GMER 1.0.9 ----
Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11
---- Processes - GMER 1.0.9 ----
Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\WINDOWS\system32\drivers\alco8drv.sys
File C:\WINDOWS\system32\synbdusx.exe
---- EOF - GMER 1.0.9 ----
xdudmm.sys xdudtt.dll
GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-24 00:29:02
Windows 5.1.2600
---- System - GMER 1.0.10 ----
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
---- Devices - GMER 1.0.10 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
---- Processes - GMER 1.0.10 ----
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 0x00E50000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!
Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [2616] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!
Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!
---- Services - GMER 1.0.10 ----
Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!
Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [AUTO] xdudtt <-- ROOTKIT !!!
---- EOF - GMER 1.0.10 ----
pe386
GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-25 14:32:07
Windows 5.1.2600 Service Pack 1
---- System - GMER 1.0.10 ----
SYSENTER ? 00810005
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0
---- Services - GMER 1.0.10 ----
Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- EOF - GMER 1.0.10 ----
Gromozon Rootkit
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-31 14:25:26
Windows 5.1.2600 Service Pack 2
---- Processes - GMER 1.0.10 ----
Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!!
Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!!
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\mdoom1.dll
File C:\WINDOWS\system32\lpt4.hzq
---- EOF - GMER 1.0.10 ----
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-31 14:27:47
Windows 5.1.2600 Service Pack 2
...
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq
...
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe"
...
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll
...
---- EOF - GMER 1.0.10 ----
lzx32
GMER 1.0.11.11310 - http://www.gmer.net
Rootkit 2006-09-14 09:31:21
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SYSENTER ? F60FDFAF
---- Modules - GMER 1.0.11 ----
Module (noname) (*** hidden *** ) F60F9000
---- Threads - GMER 1.0.11 ----
Thread 4:1224 F60FC08A
---- Services - GMER 1.0.11 ----
Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- Files - GMER 1.0.11 ----
ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.11 ----
wincom32.sys
GMER 1.0.12.12012 - http://www.gmer.net
Rootkit scan 2007-02-04 13:46:33
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A40505
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E30505
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
---- Processes - GMER 1.0.12 ----
Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248
---- Services - GMER 1.0.12 ----
Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!
---- Files - GMER 1.0.12 ----
File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf
File C:\WINDOWS\system32\adir.dll
File C:\WINDOWS\system32\adirss.exe
File C:\WINDOWS\system32\taskdir.exe
File C:\WINDOWS\system32\wincom32.ini
File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\WindowsLogon.manifest
---- EOF - GMER 1.0.12 ----
VideoAti0.sys
GMER 1.0.12.12070 - http://www.gmer.net
Rootkit scan 2007-02-26 15:38:06
Windows 5.1.2600 Service Pack 2
---- Kernel code sections - GMER 1.0.12 ----
PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET
? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084
Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144AC
Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC
---- Modules - GMER 1.0.12 ----
Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000
---- Files - GMER 1.0.12 ----
File C:\WINDOWS\system32\drivers\VideoAti0.sys
File C:\WINDOWS\system32\VideoAti0.dll
File C:\WINDOWS\system32\VideoAti0.exe
---- EOF - GMER 1.0.12 ----
RioDrvs.sys
GMER 1.0.13.12482 - http://www.gmer.net
Rootkit scan 2007-06-15 08:55:07
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwClose
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwClose
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriver
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriver
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFile
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFile
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey
---- Processes - GMER 1.0.13 ----
Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000
Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000
---- Files - GMER 1.0.13 ----
File C:\WINDOWS\linkinfo.dll
File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\linkinfo.dll
---- Services - GMER 1.0.13 ----
Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!
---- EOF - GMER 1.0.13 ----
MBR rootkit/Sinowal
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-24 07:50:49
Windows 5.1.2600 Service Pack 3
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Kernel code sections - GMER 1.0.14 ----
PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]
PAGE ...
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00
---- Devices - GMER 1.0.14 ----
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410
---- Threads - GMER 1.0.14 ----
Thread 4:796 855BBC80
Thread 4:800 855A8D80
Thread 4:804 85663DC0
Thread 4:808 85594E00
Thread 4:2856 855BBC80
Thread 4:2860 855A8D80
Thread 4:2864 85663DC0
Thread 4:2868 85594E00
---- EOF - GMER 1.0.14 ----