PC downloads data whenever it feels like it..

Viruses and antivirus, PC security - firewall, spyware, etc.
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

Hi, so I'm back here after a while.... my PC is acting up... sometimes it downloads data whenever it feels like it.... it can download around 700Mb of data in 3 hours.... but my ISP throttles my speed to 47 kb/s when I download more than 105Mb/hour.... so it's quite a problem, because being on the internet at 47kb/s is really nerve-racking..... I'd say either someone is somehow downloading data through my IP, or more likely it's some rogue program...

I have automatic Windows updates turned off, and antivirus, antispyware and firewall updates surely aren't 700Mb.....

here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:56:56, on 24.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Robin\programy\nefim\Miranda IM\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Robin\programy\totalcmd\TOTALCMD.EXE
c:\Robin\proti virum\abc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.humlak.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Data aplikací\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - Startup: Zástupce - nod32kui.lnk = C:\Program Files\Eset\nod32kui.exe
O4 - Startup: Zástupce - ServUTray.lnk = C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EEEC40C-FD47-4A3A-8B6C-50EE3C14547D}: NameServer = 1.1.1.1,1.1.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
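As an added example for triaging a HijackThis log like the one above (my code, not part of the thread or of HijackThis), the snippet below parses the numbered entry lines and flags what a responder checks first: entries pointing at missing binaries, services with no vendor, the O17 DNS setting, and autoruns or services that start remote-access or file-serving software such as the VNC service and Serv-U FTP server visible in this log, both of which are inbound paths for traffic the owner did not initiate. The flagging rules and the constructed excerpt are this example's assumptions, not HijackThis verdicts.

```python
import re

# Constructed excerpt in HijackThis v1.99 entry format (same shape as the log in the post).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EEEC40C-FD47-4A3A-8B6C-50EE3C14547D}: NameServer = 1.1.1.1,1.1.1.254
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
"""

# One HijackThis entry: a section tag (R0, O4, O23, ...) then " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Products that accept inbound connections (remote control, file serving). Assumption of
# this example: an autorun or service that starts one of these deserves a look when a
# machine moves data the owner did not ask for.
LISTENING_PRODUCTS = ("vnc", "serv-u", "ftp", "radmin", "remote")


def parse_hjt(log_text):
    """Yield (section, body) for every entry line; process lists and headers are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return findings as dicts {section, reason, body}; one dict per rule that fires."""
    findings = []
    for section, body in parse_hjt(log_text):
        lower = body.lower()
        reasons = []
        if "(file missing)" in lower:
            reasons.append("points at a binary that no longer exists (stale or tampered entry)")
        if section == "O23" and "unknown owner" in lower:
            reasons.append("service with no vendor name; verify the binary and who signed it")
        if section == "O17":
            reasons.append("DNS servers set here; confirm they match the router or ISP")
        if section in ("O4", "O23") and any(p in lower for p in LISTENING_PRODUCTS):
            reasons.append("starts remote-access or file-serving software (inbound traffic path)")
        for reason in reasons:
            findings.append({"section": section, "reason": reason, "body": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}: {f['reason']}\n    {f['body']}")
```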
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

I don't see any bug.

make a log with MWAV
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

MWAV log; don't pay much attention to that C:\Robin\hacking unless you have some particular objections... :)) I was just learning some silly stuff...

Soubor C:\PROGRA~1\TightVNC\WinVNC.exe indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.h". Nic nebylo provedeno.
Soubor C:\PROGRA~1\TightVNC\VNCHOOKS.DLL indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.b". Nic nebylo provedeno.
Soubor C:\PROGRA~1\TightVNC\WinVNC.exe indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.h". Nic nebylo provedeno.
Objekt "flashfxp Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "flashfxp Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "virusburst Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "linkmedia Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "linkmedia Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "linkmedia Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "ebates moneymaker Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "networkessentials Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "uplink Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "uplink Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "uplink Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "uplink Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "networkessentials Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Eset\infected\3HWLOZAA.NQF//PE-Crypt.XorPE je infikovaný virem HackTool.Win32.WwwHack.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Eset\infected\YNJ5FGCA.NQF//PE-Crypt.XorPE je infikovaný virem HackTool.Win32.WwwHack.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\TightVNC\VNCHooks.dll indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.b". Nic nebylo provedeno.
Soubor C:\Program Files\TightVNC\WinVNC.exe indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.h". Nic nebylo provedeno.
Soubor C:\Robin\HACKING\SMBDie\SMBdie.EXE je infikovaný virem Nuker.Win32.SmbDie !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\cgi\setup.cgi je infikovaný virem Backdoor.Win32.SubSeven.22.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\cgi\subseven.cgi je infikovaný virem Backdoor.Win32.SubSeven.22.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\EditServer.exe//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\icqpwsteal.dll//ASPack je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\matrix.dll//ASPack je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7advanced.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7capture.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.b2 !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7fun1.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7fun2.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7keys.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7moreinfo.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7passwords.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7scanner.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7sniffer.dll je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\plugins\s7takeover.dll//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.plugin !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\server.exe je infikovaný virem Backdoor.Win32.SubSeven.22 !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\sin.exe//UPX je infikovaný virem Backdoor.Win32.SubSeven.22.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\Sub7 2.2\sub7.exe je infikovaný virem Backdoor.Win32.SubSeven.22.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\WWWhack\wwwhack Backup.exe je infikovaný virem HackTool.Win32.WwwHack.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\HACKING\WWWhack\wwwhack.exe je infikovaný virem HackTool.Win32.WwwHack.a !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\proti virum\backups\backup-20070422-154514-785.dll je infikovaný virem Trojan.Win32.BHO.g !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Robin\sdílené hry a programy\tightvnc-1.2.9-setup.exe//data0002 indentifikován jako "not-a-virus:RemoteAdmin.Win32.WinVNC-based.b". Nic nebylo provedeno.
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

C:\Robin\HACKING
I don't know what you have it for, but it's full of infected files.
delete it.
and delete this C:\Robin\proti virum\backups
and empty NOD's quarantine.

I recommend getting the security of your own computer under control first, before you go breaching the security of others :)
Lemures
Beginner
Registered: 25 Jun 2006

Post by Lemures »

Baron Prášil wrote:
C:\Robin\HACKING
I don't know what you have it for, but it's full of infected files.
delete it.
and delete this C:\Robin\proti virum\backups
and empty NOD's quarantine.

I recommend getting the security of your own computer under control first, before you go breaching the security of others :)
The way I understood it, he has some files there that he uses to breach other people's security; say GGTrojan is itself a trojan, but you use it to hack others.

CPU: Intel Pentium Dual Core E5200 2.5GHz, MB: Gigabyte EP45-DS3L, RAM: A-DATA 4 GB 800 Mhz DDR2, GPU: Saphire ATi Radeon HD4670 512MB DDR3, HDD: WD Caviar Blue 500GB, Optical drive: Samsung SH-S203F
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

in that hacking folder there are lots of infected files because they're programs meant for hacking... for a while I tried to understand them and use them..... that folder has an exception in NOD and hopefully those viruses aren't spreading across my PC...... ok, I'll clear the quarantine and backups... should I do anything else???
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

yeah. do what I wrote above.
uninstall, delete - in short, get rid of all that junk you don't understand anyway.
use the computer for self-education. for playing games. for writing. and if I turn a blind eye, maybe for sexual gratification :-D

and once you have that :lol:
post a ComboFix log
- when it starts, the terms of use are shown; confirm them by pressing the 1 key
- then follow the instructions; while ComboFix is running, don't click in the window it displays
- once the scan finishes the program should create a log - C:\ComboFix.txt - paste its entire contents here
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

ok, so here's the entire contents

"Robin" - 2007-06-27 7:02:16 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\Iprip
-------\nm
-------\npf


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 21:26:47 2,208 ----a-w C:\WINDOWS\system32\drivers\nxsIO32.sys
2007-06-26 18:53:32 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\teamspeak2
2007-06-26 16:58:01 198 ----a-w C:\zaloha registru 26 6 2007 - 3.reg
2007-06-26 16:57:24 16,361 ----a-w C:\zaloha registru 26 6 2007 - 2.reg
2007-06-26 16:56:26 392,831 ----a-w C:\zaloha registru 26 6 2007.reg
2007-06-26 16:52:19 -------- d-----w C:\Program Files\CCleaner
2007-06-26 06:23:53 -------- d-----w C:\Program Files\Spyware Terminator
2007-06-25 21:58:29 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\Skype
2007-06-25 20:35:11 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\uTorrent
2007-06-25 20:27:23 -------- d-----w C:\Program Files\HLSW
2007-06-25 12:55:02 3,208 ----a-w C:\WINDOWS\im32st.dat
2007-06-23 19:11:42 -------- d-----w C:\Program Files\KOSS Software
2007-06-23 19:11:42 -------- d-----w C:\Program Files\Borland
2007-06-23 09:38:31 -------- d-----w C:\Program Files\EA GAMES
2007-06-16 19:33:05 13,612 ----a-w C:\WINDOWS\desctemp.dat
2007-06-14 18:36:36 31,872 ----a-w C:\DOCUME~1\Robin\DATAAP~1\GDIPFONTCACHEV1.DAT
2007-06-12 15:47:31 -------- d-----w C:\Program Files\GamePark
2007-06-11 12:29:41 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\Free Download Manager
2007-06-06 08:05:02 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\Hamachi
2007-06-05 21:01:06 -------- d-----w C:\Program Files\LeechFTP
2007-06-05 19:06:59 -------- d-----w C:\Program Files\IVT Corporation
2007-06-05 14:14:01 80,274 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-06-05 14:14:01 431,880 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-06-03 19:41:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 16:48:19 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\Allstar
2007-06-02 18:30:16 -------- d-----w C:\Program Files\PFE
2007-06-01 07:49:17 -------- d-----w C:\Program Files\SpeedFan
2007-05-31 13:24:23 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-30 19:15:50 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\ATI
2007-05-27 09:54:33 -------- d-----w C:\Program Files\ActionCube
2007-05-26 10:51:59 -------- d-----w C:\Program Files\FlashFXP
2007-05-26 09:58:46 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\FlashFXP
2007-05-24 08:29:36 -------- d-----w C:\Program Files\AIST
2007-05-21 20:28:28 -------- d-----w C:\Program Files\Sonique
2007-05-21 09:30:49 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-20 06:56:55 -------- d-----w C:\Program Files\Winamp
2007-05-15 18:37:07 20,700 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-15 14:31:58 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-15 14:14:14 -------- d-----w C:\Program Files\X-Setup
2007-05-13 12:59:29 -------- d-----w C:\Program Files\ICQToolbar
2007-05-09 12:14:02 -------- d-----w C:\Program Files\ICQ6
2007-05-08 11:40:51 -------- d-----w C:\Program Files\PhotoFiltre
2007-05-03 19:55:56 -------- d-----w C:\Program Files\Corel
2007-05-03 19:51:56 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\Corel
2007-05-03 19:48:54 88 --sh--r C:\WINDOWS\system32\8FF04E9D24.sys
2007-05-03 18:54:25 -------- d-----w C:\Program Files\Common Files\Corel
2007-05-02 17:37:08 -------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-04-29 08:44:56 -------- d-----w C:\DOCUME~1\Robin\DATAAP~1\ICQ
2007-04-28 15:45:37 -------- d-----w C:\Program Files\ICQLite
2007-04-23 13:18:34 56 --sh--r C:\WINDOWS\system32\B2463ECC1A.sys
2007-04-22 14:33:51 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-04-14 08:16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-05 09:00:56 1,289 ----a-w C:\WINDOWS\mozver.dat
2007-01-03 20:15:05 88 --sh--r C:\WINDOWS\system32\1ACC3E46B2.sys
2007-01-06 20:35:19 56 --sh--r C:\WINDOWS\system32\249D4EF08F.sys



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 12:56]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}=C:\Documents and Settings\All Users\Data aplikací\Prevx\pxbho.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]
{E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 22:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-05-31 03:13]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"ServUTrayIcon"="C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe" [2006-10-05 09:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 16:49 C:\WINDOWS\system32\bthprops.cpl]
"RivaTuner"="C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 21:15]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-04-14 13:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
"ServUTrayIcon"="C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe" [2006-10-05 09:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe /autorun
directx\command- D:\DirectX\dxsetup.exe
setup\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\Setup.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 07:08:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-27 7:10:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-27 07:10

--- E O F ---
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

Oh well, Wednesday, a horrendous log is just what I need :wink:

So, Avenger according to the guide
http://www.viry.cz/forum/viewtopic.php?t=21484

and this script

Files to delete:
C:\WINDOWS\im32st.dat
C:\WINDOWS\desctemp.dat
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\perfc005.dat
C:\WINDOWS\system32\perfh005.dat
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\zllictbl.dat
C:\WINDOWS\system32\8FF04E9D24.sys
C:\WINDOWS\system32\B2463ECC1A.sys
C:\WINDOWS\system32\1ACC3E46B2.sys
C:\WINDOWS\system32\1ACC3E46B2.sys
C:\WINDOWS\system32\249D4EF08F.sys


After the restart Avenger will create a log, so post it.
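Added example, not part of the thread or of The Avenger: a Python reconciliation of an Avenger "Files to delete:" script against the log Avenger writes after the reboot, so a helper sees at a glance which requested paths are gone and what a failure status means. The script and log excerpts are constructed in the posted format, and the NTSTATUS name table is the editor's own.

```python
"""Reconcile an Avenger 'Files to delete:' script with the log Avenger
writes after the reboot: which requested paths are gone, which are not,
and what a failure status means. Added example, not part of the thread or
of The Avenger; the excerpts below are constructed in the posted format."""
import re
from collections import Counter

# NTSTATUS codes Avenger prints after a failed line (editor's table; names
# as in the Windows SDK ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD",
}

# Constructed script: the same path is listed twice, as in the thread.
SCRIPT = r"""Files to delete:
C:\WINDOWS\im32st.dat
C:\WINDOWS\system32\1ACC3E46B2.sys
C:\WINDOWS\system32\1ACC3E46B2.sys
C:\WINDOWS\system32\249D4EF08F.sys
"""

# Constructed log excerpt in the format Avenger writes after the reboot.
LOG = r"""Beginning to process script file:

File C:\WINDOWS\im32st.dat deleted successfully.
File C:\WINDOWS\system32\1ACC3E46B2.sys deleted successfully.


File C:\WINDOWS\system32\1ACC3E46B2.sys not found!
Deletion of file C:\WINDOWS\system32\1ACC3E46B2.sys failed!

Could not process line:
C:\WINDOWS\system32\1ACC3E46B2.sys
Status: 0xc0000034

File C:\WINDOWS\system32\249D4EF08F.sys deleted successfully.

Completed script processing.
"""

DELETED_RE = re.compile(r"^File (.+?) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+?) failed!$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")


def parse_script(text):
    """Paths listed under 'Files to delete:' in script order, duplicates kept."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):  # a section header such as 'Files to delete:'
            in_section = line.lower() == "files to delete:"
            continue
        if in_section:
            paths.append(line)
    return paths


def parse_log(text):
    """Per path: number of successful deletions and the NTSTATUS names of
    failed attempts. The status follows the failure a few lines later, so
    the failing path is remembered until its 'Status:' line arrives."""
    events, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            events.setdefault(m.group(1), {"deleted": 0, "failed": []})["deleted"] += 1
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1)
            events.setdefault(pending, {"deleted": 0, "failed": []})
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            events[pending]["failed"].append(NTSTATUS_NAMES.get(code, f"0x{code:08X}"))
            pending = None
    return events


def reconcile(script_text, log_text):
    """Verdict per requested path. A path listed twice is removed by the first
    line and the second attempt fails with STATUS_OBJECT_NAME_NOT_FOUND, which
    is harmless; a path that was never deleted needs a second look."""
    requested = Counter(parse_script(script_text))
    events = parse_log(log_text)
    report = {}
    for path, count in requested.items():
        ev = events.get(path, {"deleted": 0, "failed": []})
        if ev["deleted"]:
            verdict = "removed"
        elif ev["failed"]:
            verdict = "not removed"
        else:
            verdict = "no log entry"
        report[path] = {"requested": count, "deleted": ev["deleted"],
                        "failed": ev["failed"], "verdict": verdict}
    return report


if __name__ == "__main__":
    for path, info in reconcile(SCRIPT, LOG).items():
        print(f"{info['verdict']:<12} x{info['requested']} {path} {info['failed']}")
```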
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvdcsyjx

*******************

Script file located at: mcrbdcim

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uauioncj

*******************

Script file located at: \??\C:\Program Files\xawrvkln.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\im32st.dat deleted successfully.
File C:\WINDOWS\desctemp.dat deleted successfully.
File C:\WINDOWS\system32\KGyGaAvL.sys deleted successfully.
File C:\WINDOWS\system32\perfc005.dat deleted successfully.
File C:\WINDOWS\system32\perfh005.dat deleted successfully.
File C:\WINDOWS\iun6002.exe deleted successfully.
File C:\WINDOWS\system32\zllictbl.dat deleted successfully.
File C:\WINDOWS\system32\8FF04E9D24.sys deleted successfully.
File C:\WINDOWS\system32\B2463ECC1A.sys deleted successfully.
File C:\WINDOWS\system32\1ACC3E46B2.sys deleted successfully.


File C:\WINDOWS\system32\1ACC3E46B2.sys not found!
Deletion of file C:\WINDOWS\system32\1ACC3E46B2.sys failed!

Could not process line:
C:\WINDOWS\system32\1ACC3E46B2.sys
Status: 0xc0000034

File C:\WINDOWS\system32\249D4EF08F.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Is your PC still downloading data?

Otherwise, to be safe, post a GMER log here:
Download GMER, extract it into its own folder and run it.
Click the Rootkit tab.
On the right, tick all the locations from System down to Files.
Then click the Scan button; the program will scan your computer.
When the scan finishes, click the Copy button and paste the result here.
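Added example, not from the thread, GMER or any vendor: a Python triage script for the GMER log format requested above. It groups every SSDT, IAT and IRP hook by the kernel module that owns it and separates modules of security products visible in this thread's process list from anything unexplained; the KNOWN_MODULES attribution table and the sample excerpt are the editor's own, and `placeholder_unknown.sys` is a constructed placeholder name.

```python
"""Triage a GMER rootkit-scan log: group every SSDT, IAT, Device and
AttachedDevice hook by the owning kernel module, then separate modules of
products known to be on the machine from anything unexplained. Added
example, not from the thread, GMER or any vendor; the excerpt below is
constructed to mirror the line formats of a GMER 1.0.13 log."""
import re
from collections import defaultdict

# Drivers of products visible in this thread's process list (editor's
# attribution; GMER itself prints no vendor). All hook the kernel for
# legitimate reasons, so they are expected in such a log.
KNOWN_MODULES = {
    "vsdatant.sys": "ZoneAlarm (TrueVector)",
    "pxfsf.sys": "Prevx",
    "pxtdi.sys": "Prevx",
    "sp_rsdrv2.sys": "Spyware Terminator",
    "amon.sys": "ESET NOD32",
    "d347bus.sys": "DAEMON Tools",
}

# Constructed excerpt; 'placeholder_unknown.sys' is a made-up name standing
# in for a module the triage cannot attribute.
SAMPLE_LOG = r"""GMER 1.0.13.12540 - http://www.gmer.net
Rootkit scan 2007-06-28 15:35:29

---- System - GMER 1.0.13 ----

SSDT pxfsf.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\placeholder_unknown.sys ZwQueryDirectoryFile

---- Kernel code sections - GMER 1.0.13 ----

? pxfsf.sys Systém nemůže nalézt uvedený soubor.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82FB9558

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A66D8BCC] amon.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)$")
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^\]]+)\]\s+\[([0-9A-F]{8})\]\s+(\S+)$")
DEV_RE = re.compile(
    r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+"
    r"(?:\[([0-9A-F]{8})\]\s+(\S+)|([0-9A-F]{8}))$")
UNOPENED_RE = re.compile(r"^\?\s+(\S+)\s+")  # GMER could not open the module file


def module_name(path):
    r"""'\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys' -> 'sp_rsdrv2.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hooks by owning module, hooks with only a bare address,
    modules whose file GMER could not open)."""
    hooks, unresolved, unopened = defaultdict(set), [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks[module_name(m.group(1))].add(f"SSDT:{m.group(2)}")
            continue
        m = IAT_RE.match(line)
        if m:
            victim, imported, _addr, owner = m.groups()
            hooks[module_name(owner)].add(f"IAT:{module_name(victim)}:{imported}")
            continue
        m = DEV_RE.match(line)
        if m:
            kind, _drv, device, irp, _addr, owner, bare = m.groups()
            if owner:
                hooks[module_name(owner)].add(f"{kind}:{device}:{irp}")
            else:  # GMER printed an address it could not map to a module
                unresolved.append((kind, device, irp, bare))
            continue
        m = UNOPENED_RE.match(line)
        if m:
            unopened.add(module_name(m.group(1)))
    return hooks, unresolved, unopened


def triage(text):
    """Known product modules vs. unexplained ones, plus two review queues:
    hooks with no module name, and modules that hook the kernel although
    GMER could not open their file (check where the file really lives)."""
    hooks, unresolved, unopened = parse_gmer(text)
    report = {"known": {}, "unknown": {}, "unresolved": unresolved,
              "unopened_but_hooking": sorted(m for m in unopened if m in hooks)}
    for mod, hs in hooks.items():
        bucket = "known" if mod in KNOWN_MODULES else "unknown"
        report[bucket][mod] = {"product": KNOWN_MODULES.get(mod), "hooks": sorted(hs)}
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for mod, info in rep["known"].items():
        print(f"known   {mod:<18} {info['product']:<24} {len(info['hooks'])} hook(s)")
    for mod, info in rep["unknown"].items():
        print(f"REVIEW  {mod:<18} {info['hooks']}")
    print("unresolved:", rep["unresolved"], "| hooking, file not opened:", rep["unopened_but_hooking"])
```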
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

GMER 1.0.13.12540 - http://www.gmer.net
Rootkit scan 2007-06-28 15:35:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT pxfsf.sys ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!_abnormal_termination + D7 804E2DA8 24 Bytes [ 79, 88, 3A, F7, 83, 88, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 32 Bytes [ AE, C0, E2, AA, BF, 88, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 28 Bytes [ 18, DB, E2, AA, 05, 89, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [ C8, CE, E2, AA, E0, 29, EF, ... ]
.text ntoskrnl.exe!_abnormal_termination + 37F 804E3050 28 Bytes [ 80, 2F, EF, AA, A9, 8A, 3A, ... ]
.text ...
? pxfsf.sys Systém nemůže nalézt uvedený soubor.
? \WINDOWS\system32\DRIVERS\pxcom.SYS Systém nemůže nalézt uvedený soubor.
? srescan.sys Systém nemůže nalézt uvedený soubor.
? system32\DRIVERS\pxrd.sys Systém nemůže nalézt uvedený soubor.
? system32\DRIVERS\pxtdi.sys Systém nemůže nalézt uvedený soubor.
.text ntoskrnl.exe!_abnormal_termination + D7 804E2DA8 24 Bytes [ 79, 88, 3A, F7, 83, 88, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 32 Bytes [ AE, C0, E2, AA, BF, 88, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 28 Bytes [ 18, DB, E2, AA, 05, 89, 3A, ... ]
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [ C8, CE, E2, AA, E0, 29, EF, ... ]
.text ntoskrnl.exe!_abnormal_termination + 37F 804E3050 28 Bytes [ 80, 2F, EF, AA, A9, 8A, 3A, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AAEFBFB0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AAEEE950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AAEEEAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AAEEEFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AAEEEE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [AAEE7570] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AAEE74C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AAEE7670] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AAEE71D0] \SystemRoot\System32\vsdatant.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82FB9558

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A66D8BCC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A66D87D6] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A66D8F94] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F73EA46A] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A66D8BCC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A66D87D6] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A66D8F94] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A66D91CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A66D91CC] amon.sys

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 82137D38
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 82137D38
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AAEFB8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F4A44F58] pxtdi.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AAEFB8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F4A44F58] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F4A44F58] pxtdi.sys

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1DD3828
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1DD3828
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1DD3828
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82AB00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 829DE228
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_NAMED_PIPE 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_EA 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_VOLUME_INFORMATION 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DIRECTORY_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FILE_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_LOCK_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLEANUP 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_MAILSLOT 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_SECURITY 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CHANGE 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_QUOTA 82AB00E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 82AB00E8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1653480
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E1653480
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E1653480
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81E63430
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE
PCmaniac99
Beginner
Registered: 22 Apr 2007
Location: Trutnov

Post by PCmaniac99 »

So today NOD32 yelled at me:

C:\system volume information\_restore............................\A0141757.dll
infiltration variant Win32\BHO.G trojan horse

this was detected on a file newly created by the application C:\windows\system32\svchost.exe; the file was moved to quarantine.... blah blah blah.....

So a system process created a file with a virus and wanted to save it in the volume information folder.... hopefully it won't do that again... I'll probably run the system through the antispyware and NOD.... hopefully that helps; if not, recommend something else.....
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Well, so the GMER log is fine.

Otherwise do this:
Turn off System Restore.

Once you have turned off System Restore, do this:
Download SDFix
and run it; it will extract itself into its own folder (probably C:\SDfix).

Then restart the PC into Safe Mode. Open the folder where SDFix was extracted, run the file RunThis.bat and press Y to start the cleaning process.
To finish you will need to press any key, and the computer will restart.
While the operating system is booting you will have to press any key when prompted to enter Windows.

After the OS has booted it should show you the SDFix report, so copy it here. If it does not pop up, it is located in its own folder as Report.txt (don't forget to copy its contents here).
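rary's conclusion that the GMER log is fine rests on reading the "Device" rows above: every row names a driver object, a device object, an IRP major function and the address of the dispatch routine that handles it, and GMER prints the address in brackets followed by a module name (as on the `vsdatant.sys` row for `\Device\Udp`) only when that routine lives in a module other than the driver that owns the device. Those bracketed rows are the ones worth looking at first, and on this machine they point into ZoneAlarm's driver, which appears in the process list, so they are expected. The Python below is an added example written for this thread, not code from GMER, the forum or any tool mentioned here; it parses rows of that shape, separates the redirected entries from the rest, and tags each target module against a small allowlist. The sample rows, the `KNOWN_FILTER_MODULES` allowlist and the placeholder module name `unknown-example.sys` are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of GMER's "Device" rows above. The Cdrom,
# Srv and vsdatant.sys rows mirror rows from the posted log (the truncated
# IRP_MJ_CLOSE row included); "unknown-example.sys" is a placeholder invented
# for this example to show how an unrecognised module is reported.
SAMPLE_LOG = (
    "Device \\Driver\\Cdrom \\Device\\CdRom0 IRP_MJ_CREATE 82AB00E8\n"
    "Device \\Driver\\Cdrom \\Device\\CdRom0 IRP_MJ_READ 82AB00E8\n"
    "Device \\Driver\\Cdrom \\Device\\CdRom0 IRP_MJ_PNP 82AB00E8\n"
    "Device \\FileSystem\\Srv \\Device\\LanmanServer IRP_MJ_READ 81E63430\n"
    "Device \\Driver\\Tcpip \\Device\\Udp IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys\n"
    "Device \\Driver\\Tcpip \\Device\\Udp IRP_MJ_CLOSE\n"
    "Device \\Driver\\Tcpip \\Device\\Tcp IRP_MJ_CREATE [AAEFB8A0] vsdatant.sys\n"
    "Device \\Driver\\Tcpip \\Device\\Tcp IRP_MJ_WRITE [F7C01234] unknown-example.sys\n"
)

# Assumption for this example: filter drivers expected to sit in front of
# Tcpip on this machine. vsdatant.sys is ZoneAlarm's driver, which the
# process list in the thread shows is installed; extend the set for your own
# environment.
KNOWN_FILTER_MODULES = {"vsdatant.sys"}

# One GMER "Device" row: driver object, device object, IRP major function,
# then either a plain handler address or "[address] module" when the handler
# lives in a module other than the driver that owns the device.
LINE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)"
    r"(?:\s+(?:\[(?P<hooked_addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)"
    r"|(?P<addr>[0-9A-Fa-f]+)))?\s*$"
)


@dataclass(frozen=True)
class IrpEntry:
    driver: str
    device: str
    irp: str
    address: Optional[int]  # None when the row carries no handler at all
    module: Optional[str]   # set only when GMER attributed the handler elsewhere


def parse_gmer_devices(text: str) -> list:
    """Parse every 'Device' row; rows from other GMER sections are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("hooked_addr") or m.group("addr")
        entries.append(IrpEntry(
            driver=m.group("driver"),
            device=m.group("device"),
            irp=m.group("irp"),
            address=int(raw, 16) if raw else None,
            module=m.group("module"),
        ))
    return entries


def redirected_entries(entries):
    """Rows whose handler GMER resolved into another module: read these first."""
    return [e for e in entries if e.module is not None]


def triage(entries, known_modules=KNOWN_FILTER_MODULES):
    """Group redirected rows by module and tag each module 'known' (an
    expected filter driver) or 'review' (not recognised on this machine)."""
    by_module = defaultdict(list)
    for e in redirected_entries(entries):
        by_module[e.module.lower()].append(e)
    return {
        mod: {
            "status": "known" if mod in known_modules else "review",
            "targets": sorted({(e.device, e.irp) for e in rows}),
        }
        for mod, rows in by_module.items()
    }


def missing_handlers(entries):
    """Rows that carry no handler address (e.g. cut off when the log was
    pasted); these are gaps in the evidence, not findings."""
    return [e for e in entries if e.address is None]


if __name__ == "__main__":
    parsed = parse_gmer_devices(SAMPLE_LOG)
    print(f"{len(parsed)} device rows, {len(redirected_entries(parsed))} redirected")
    for mod, info in triage(parsed).items():
        print(f"[{info['status']:6}] {mod}")
        for device, irp in info["targets"]:
            print(f"         {device} {irp}")
    for e in missing_handlers(parsed):
        print(f"[gap   ] {e.driver} {e.device} {e.irp}: no handler printed")
```

A "review" tag only means the module is not on the allowlist; before treating it as a finding, confirm what the file is and which product installed it, since any legitimate firewall or antivirus filter driver shows up the same way. Rows with no handler printed at all, like the last `IRP_MJ_CLOSE` line of the posted log, are reported separately as gaps so that a truncated paste is not mistaken for a clean entry.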