Polski GMER http://www.gmer.net
      all your rootkits are belong to us

Rootkits


Scan results
Files Log
sysbus32.sys
---- System - GMER 1.0.8 ----

SSDT     8182860A                                                                     ZwEnumerateKey
SSDT     818298B6                                                                     ZwQueryDirectoryFile

---- Devices - GMER 1.0.8 ----

Device   \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                       81828CEE
Device   \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                      81828CEE
Device   \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                      81828CEE
Device   \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                    81828CEE
Device   \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE                              81828CEE

---- Services - GMER 1.0.8 ----

Service  D:\WINDOWS\System32\DRIVERS\sysbus32.sys (*** hidden *** )                   [AUTO] sysbus32

---- Registry - GMER 1.0.8 ----

Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32                     
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Type                1
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ErrorControl        1
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@Start               2
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ImagePath           System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32@ExtParam            0xF1 0x15 0x28 0xD4 ...
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32                     
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Type                1
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ErrorControl        1
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@Start               2
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ImagePath           System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32@ExtParam            0xF1 0x15 0x28 0xD4 ...
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32                 
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Type            1
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ErrorControl    1
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@Start           2
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ImagePath       System32\DRIVERS\sysbus32.sys
Reg      \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32@ExtParam        0xF1 0x15 0x28 0xD4 ...

---- Files - GMER 1.0.8 ----

File     D:\WINDOWS\system32\drivers\sysbus32.sys
					
avpe32.sys avpe64.sys avpe32.dll
---- System - GMER 1.0.7 ----

SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwCreateProcess
SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwCreateProcessEx
SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwOpenProcess
SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwOpenThread
SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwQueryDirectoryFile
SSDT     \SystemRoot\System32\DRIVERS\avpe32.sys  ZwQuerySystemInformation

---- Processes - GMER 1.0.7 ----

Process  explorer.exe (*** hidden *** )           1596

File     D:\WINDOWS\system32\avpe32.dll           
File     D:\WINDOWS\system32\drivers\avpe64.sys   
File     D:\WINDOWS\system32\klgcptini.dat    
File     D:\WINDOWS\system32\stt82.ini        
i386p.sys
---- System - GMER 1.0.6 ----

SSDT 81F7FA16 ZwEnumerateKey
SSDT 81F7FABA ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenProcess
SSDT 81F7F532 ZwQueryDirectoryFile

---- Devices - GMER 1.0.6 ----

Device \Driver\Tcpip IRP_MJ_CREATE 81F8057A
Device \Driver\i386p IRP_MJ_CREATE 81F7F3A4

File C:\99e21c81d36497c0228b\data\EURGEOM.DAT 
File C:\99e21c81d36497c0228b\data\EURROUTE.DAT 
File C:\99e21c81d36497c0228b\data\EURROUTE.DCT 
File C:\99e21c81d36497c0228b\data\EURROUTE.VLF 
File C:\99e21c81d36497c0228b\data\EUR_HD.MAD 
File C:\99e21c81d36497c0228b\data\MSCREATE.DIR 
File C:\99e21c81d36497c0228b\sp1\spmsg.dll 
File C:\99e21c81d36497c0228b\sp1\spuninst.exe 
File C:\99e21c81d36497c0228b\sp1\update 
File C:\99e21c81d36497c0228b\sp1\update\eula.txt 
File C:\99e21c81d36497c0228b\sp1\update\spcustom.dll 
File C:\99e21c81d36497c0228b\sp1\update\update.exe 
File C:\99e21c81d36497c0228b\sp2\spmsg.dll 
File C:\99e21c81d36497c0228b\sp2\spuninst.exe 
File C:\99e21c81d36497c0228b\sp2\update 
File C:\99e21c81d36497c0228b\sp2\update\eula.txt 
File C:\99e21c81d36497c0228b\sp2\update\spcustom.dll 
File C:\99e21c81d36497c0228b\sp2\update\update.exe 
File C:\99e21c81d36497c0228b\system\AM70407.DLL 
File C:\99e21c81d36497c0228b\system\AUTOMAP7.EXE 
File C:\99e21c81d36497c0228b\system\EUR70407.CHM 
File C:\99e21c81d36497c0228b\system\EUR70407.DLL 
File C:\99e21c81d36497c0228b\system\EUR70407.HLP 
File C:\99e21c81d36497c0228b\system\MSCREATE.DIR 
File C:\99e21c81d36497c0228b\system\MVUT21N.DLL 
isa32.sys + netpt.sys
     ---- System - GMER 1.0.6 ----

SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwQueryDirectoryFile
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwQuerySystemInformation

---- Devices - GMER 1.0.6 ----

Device \Driver\Tcpip IRP_MJ_CREATE isa32.sys
Device \Driver\Tcpip IRP_MJ_CLOSEIRP_MJ_READ isa32.sys
Device \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL isa32.sys

---- Processes - GMER 1.0.6 ----

Process svchost.exe (*** hidden *** ) 828
Process perfont.exe (*** hidden *** ) 1276

File C:\WINDOWS\system32\drivers\isa32.sys 
File C:\WINDOWS\system32\main6.exe 
File C:\WINDOWS\Prefetch\MAIN6.EXE-2CC0C9E7.pf 
zopenssld.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.9 ----

SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwQueryDirectoryFile <-- ROOTKIT !!!

---- Processes - GMER 1.0.9 ----

Process ogolrs.exe (*** hidden *** ) 1928 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 1972 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2032 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2040 <-- ROOTKIT !!!

---- Registry - GMER 1.0.9 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@nxsdrq C:\WINDOWS\system32\ogolrs.exe reg_run
Reg \Registry\USER\S-1-5-21-2000478354-764733703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run@kuaes C:\WINDOWS\system32\ogolrs.exe reg_run

---- Files - GMER 1.0.9 ----

File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gobmx.exe 
File C:\WINDOWS\mcusi.dll 
File C:\WINDOWS\system32\epfpr.exe 
File C:\WINDOWS\system32\ogolrs.exe 
File C:\WINDOWS\system32\plmtcxj.exe 
File C:\WINDOWS\system32\unolibu.dll 
File C:\WINDOWS\system32\zopenssl.dll 
File C:\WINDOWS\system32\zopenssld.sys <-- ROOTKIT !!!

---- Services - GMER 1.0.9 ----

Service C:\WINDOWS\system32\zopenssld.sys [SYSTEM] zopenssld <-- ROOTKIT !!!

---- EOF - GMER 1.0.9 ----
						
VT100.EXE
GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2


---- Processes - GMER 1.0.10 ----

Process  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg      \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE

---- Files - GMER 1.0.10 ----

File     C:\WINDOWS\system32\VT100.EXE

---- EOF - GMER 1.0.10 ----
m_hook.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1


---- System - GMER 1.0.9 ----

SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwCreateFile              <-- ROOTKIT !!!
SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwEnumerateKey            <-- ROOTKIT !!!
SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwEnumerateValueKey       <-- ROOTKIT !!!
SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQueryDirectoryFile      <-- ROOTKIT !!!
SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQueryKey                <-- ROOTKIT !!!
SSDT     \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQuerySystemInformation  <-- ROOTKIT !!!

---- Processes - GMER 1.0.9 ----

Process  wintems.exe (*** hidden *** ) 1656 <-- ROOTKIT !!!

---- Registry - GMER 1.0.9 ----

Reg      \\Registry\\USER\\S-1-5-21-839522115-1303643608-725345543-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Run@german.exe C:\\WINDOWS\\System32\\wintems.exe
Reg      \\Registry\\USER\\S-1-5-21-839522115-1303643608-725345543-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Run@drvsyskit C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\hidr.exe

---- Files - GMER 1.0.9 ----

File     C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires
File     C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\hidr.exe
File     C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys <-- ROOTKIT !!!
File     C:\\WINDOWS\\system32\\wintems.exe

---- Services - GMER 1.0.9 ----

Service  C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys [MANUAL] m_hook <-- ROOTKIT !!!

---- EOF - GMER 1.0.9 ----
drmpdate.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1


---- System - GMER 1.0.9 ----

SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
SSDT d347bus.sys ZwQueryKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.9 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CREATE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CLOSEIRP_MJ_READ [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_WRITE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_QUERY_INFORMATION [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_INTERNAL_DEVICE_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SHUTDOWN [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SYSTEM_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_DEVICE_CHANGE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_PNP_POWER [F865776A] HIDCLASS.SYS
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82113F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys

Device \Driver\adpsSvc \Device\perRAME IRP_MJ_CREATE 81C721E7

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82147AD8

---- Processes - GMER 1.0.9 ----

Process UXTAKSIE.EXE (*** hidden *** ) 1208 <-- ROOTKIT !!!
Process ADSPTSVC.EXE (*** hidden *** ) 1216 <-- ROOTKIT !!!

---- Modules - GMER 1.0.9 ----

Module _________ F846A000

---- Services - GMER 1.0.9 ----

Service C:\WINDOWS\System32\drivers\drmpdate.sys (*** hidden *** ) [SYSTEM] adpsSvc <-- ROOTKIT !!!

---- Registry - GMER 1.0.9 ----

Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm 
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName adpsSvc
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HideUninstallerName C:\Program Files\Inturacy\lzedw400.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerPath C:\WINDOWS\System32\qosccr32.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerRegKey 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerParams /CTUN
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HDll C:\WINDOWS\System32\dxdstyle.dll
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ServerAddress adchannel.contextplus.net
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LegalNote http://adchannel.contextplus.net/legal-note/nonbranded.html
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PartnerId CP.IST2
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@InstallationId ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PageFiltering 1
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ClientName C:\Program Files\Inturacy\uxtaksie.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@AutoUpdater C:\WINDOWS\System32\adsptsvc.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Version 2.0.131
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@CrMnTmt 3600000
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@NxRestTm 2006:03:25-14:32:01:192
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LastAURestoreMsgTS 2006:03:25-13:32:01:442
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName adpsSvc
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HideUninstallerName C:\Program Files\Inturacy\lzedw400.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerPath C:\WINDOWS\System32\qosccr32.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerRegKey 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerParams /CTUN
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HDll C:\WINDOWS\System32\dxdstyle.dll
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ServerAddress adchannel.contextplus.net
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LegalNote http://adchannel.contextplus.net/legal-note/nonbranded.html
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PartnerId CP.IST2
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@InstallationId ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PageFiltering 1
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ClientName C:\Program Files\Inturacy\uxtaksie.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@AutoUpdater C:\WINDOWS\System32\adsptsvc.exe
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Version 2.0.131
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@CrMnTmt 3600000
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@NxRestTm 2006:03:25-14:32:01:192
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LastAURestoreMsgTS 2006:03:25-13:32:01:442
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm\AU2 
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName 
ivdmt16.sys winlow.sys
GMER 1.0.9.8110 - http://www.gmer.net 
Windows 5.1.2600 


---- System - GMER 1.0.9 ---- 

SSDT a347bus.sys ZwClose 
SSDT a347bus.sys ZwCreateKey 
SSDT a347bus.sys ZwCreatePagingFile 
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!! 
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!! 
SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!! 
SSDT a347bus.sys ZwEnumerateValueKey 
SSDT a347bus.sys ZwOpenKey 
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!! 
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!! 
SSDT a347bus.sys ZwQueryKey 
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!! 
SSDT a347bus.sys ZwQueryValueKey 
SSDT a347bus.sys ZwSetSystemPowerState 

---- Services - GMER 1.0.9 ---- 

Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!! 

---- Files - GMER 1.0.9 ---- 

File C:\!KillBox\drct16.dll 
File C:\System Volume Information\MountPointManagerRemoteDatabase 
File C:\System Volume Information\tracking.log 
File C:\WINDOWS\system32\cz.dll 
File C:\WINDOWS\system32\drct16.dll 
File C:\WINDOWS\system32\fltr.a3d 
File C:\WINDOWS\system32\hz.sys 
File C:\WINDOWS\system32\i.a3d 
File C:\WINDOWS\system32\klogini.dll 
File C:\WINDOWS\system32\mszx23.exe 
File C:\WINDOWS\system32\p2.ini 
File C:\WINDOWS\system32\redir.a3d 
File C:\WINDOWS\system32\tnfl.a3d 
File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!! 
File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!! 
File C:\WINDOWS\system32\wz.sys 
File D:\System Volume Information\tracking.log 

---- Services - GMER 1.0.9 ---- 

Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!! 
Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!! 

---- EOF - GMER 1.0.9 ----
imaslip.sys
GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack 2


---- Devices - GMER 1.0.9 ----

Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390

---- Processes - GMER 1.0.9 ----

Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!
Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!

---- Files - GMER 1.0.9 ----

File C:\WINDOWS\system32\drivers\imaslip.sys 
File C:\WINDOWS\system32\lsacap32.exe 

---- EOF - GMER 1.0.9 ----
alco8drv.sys
GMER 1.0.9.8110 - http://www.gmer.net 
Windows 5.1.2600 Dodatek Service Pack 2 


---- System - GMER 1.0.9 ---- 


---- Devices - GMER 1.0.9 ---- 

Device   \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE                               83E50A11 

---- Processes - GMER 1.0.9 ---- 

Process  synbdusx.exe (*** hidden *** )                                               1848                   <-- ROOTKIT !!! 

---- Files - GMER 1.0.9 ---- 

File     C:\WINDOWS\system32\drivers\alco8drv.sys                                      
File     C:\WINDOWS\system32\synbdusx.exe                                              

---- EOF - GMER 1.0.9 ----
xdudmm.sys
xdudtt.dll
GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-24 00:29:02
Windows 5.1.2600 


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 0x00E50000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!

Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [2616] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!

Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!

---- Services - GMER 1.0.10 ----

Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!
Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [AUTO] xdudtt <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----
pe386
GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-25 14:32:07
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----


SYSENTER  ?                                                00810005

---- Devices - GMER 1.0.10 ----

Device    \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE             81732520
Device    \Driver\Tcpip \Device\Ip IRP_MJ_CREATE           817310C0
Device    \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE          817310C0
Device    \Driver\Tcpip \Device\Udp IRP_MJ_CREATE          817310C0
Device    \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE        817310C0
Device    \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE  817310C0

---- Services - GMER 1.0.10 ----

Service   D:\WINDOWS\System32:18467 (*** hidden *** )      [SYSTEM] pe386               <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----
Gromozon Rootkit
GMER 1.0.10.10122 - http://www.gmer.net 
Rootkit 2006-08-31 14:25:26 
Windows 5.1.2600 Service Pack 2 

---- Processes - GMER 1.0.10 ---- 

Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!! 
Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!! 

---- Files - GMER 1.0.10 ---- 

File C:\WINDOWS\mdoom1.dll 
File C:\WINDOWS\system32\lpt4.hzq 

---- EOF - GMER 1.0.10 ---- 


GMER 1.0.10.10122 - http://www.gmer.net 
Autostart 2006-08-31 14:27:47 
Windows 5.1.2600 Service Pack 2 

...

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq 

...

HKLM\SYSTEM\CurrentControlSet\Services\ >>> 
SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe" 

...

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> 
@{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll 

...


---- EOF - GMER 1.0.10 ---- 
lzx32
GMER 1.0.11.11310 - http://www.gmer.net
Rootkit 2006-09-14 09:31:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SYSENTER  ?                                                F60FDFAF

---- Modules - GMER 1.0.11 ----

Module    (noname) (*** hidden *** )                       F60F9000        

---- Threads - GMER 1.0.11 ----

Thread    4:1224                                           F60FC08A

---- Services - GMER 1.0.11 ----

Service   D:\WINDOWS\system32:lzx32.sys (*** hidden *** )  [SYSTEM] pe386   <-- ROOTKIT !!!

---- Files - GMER 1.0.11 ----

ADS       D:\WINDOWS\system32:lzx32.sys                                     <-- ROOTKIT !!!

---- EOF - GMER 1.0.11 ----
wincom32.sys
GMER 1.0.12.12012 - http://www.gmer.net
Rootkit scan 2007-02-04 13:46:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT      \??\C:\WINDOWS\system32\wincom32.sys                                      ZwEnumerateKey                            <-- ROOTKIT !!!
SSDT      \??\C:\WINDOWS\system32\wincom32.sys                                      ZwEnumerateValueKey                       <-- ROOTKIT !!!
SSDT      \??\C:\WINDOWS\system32\wincom32.sys                                      ZwQueryDirectoryFile                      <-- ROOTKIT !!!

---- User code sections - GMER 1.0.12 ----

.text     C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread                 7C90D7D2 5 Bytes  JMP 009B083C 
.text     C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey                 7C90D94C 5 Bytes  JMP 009B07B6 
.text     C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey            7C90D976 5 Bytes  JMP 009B05E4 
.text     C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile           7C90DF5E 5 Bytes  JMP 009B045D 
.text     C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation       7C90E1AA 5 Bytes  JMP 009B0505 
.text     C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread               7C90D7D2 5 Bytes  JMP 011E083C 
.text     C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey               7C90D94C 5 Bytes  JMP 011E07B6 
.text     C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey          7C90D976 5 Bytes  JMP 011E05E4 
.text     C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile         7C90DF5E 5 Bytes  JMP 011E045D 
.text     C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation     7C90E1AA 5 Bytes  JMP 011E0505 
.text     C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread            7C90D7D2 5 Bytes  JMP 00E1083C 
.text     C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey            7C90D94C 5 Bytes  JMP 00E107B6 
.text     C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey       7C90D976 5 Bytes  JMP 00E105E4 
.text     C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile      7C90DF5E 5 Bytes  JMP 00E1045D 
.text     C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation  7C90E1AA 5 Bytes  JMP 00E10505 
.text     C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread            7C90D7D2 5 Bytes  JMP 00A1083C 
.text     C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey            7C90D94C 5 Bytes  JMP 00A107B6 
.text     C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey       7C90D976 5 Bytes  JMP 00A105E4 
.text     C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile      7C90DF5E 5 Bytes  JMP 00A1045D 
.text     C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation  7C90E1AA 5 Bytes  JMP 00A10505 
.text     C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread             7C90D7D2 5 Bytes  JMP 00D0083C 
.text     C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey             7C90D94C 5 Bytes  JMP 00D007B6 
.text     C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey        7C90D976 5 Bytes  JMP 00D005E4 
.text     C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile       7C90DF5E 5 Bytes  JMP 00D0045D 
.text     C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation   7C90E1AA 5 Bytes  JMP 00D00505 
.text     C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateThread             7C90D7D2 5 Bytes  JMP 008E083C 
.text     C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey             7C90D94C 5 Bytes  JMP 008E07B6 
.text     C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey        7C90D976 5 Bytes  JMP 008E05E4 
.text     C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile       7C90DF5E 5 Bytes  JMP 008E045D 
.text     C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation   7C90E1AA 5 Bytes  JMP 008E0505 
.text     C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread             7C90D7D2 5 Bytes  JMP 0196083C 
.text     C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey             7C90D94C 5 Bytes  JMP 019607B6 
.text     C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey        7C90D976 5 Bytes  JMP 019605E4 
.text     C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile       7C90DF5E 5 Bytes  JMP 0196045D 
.text     C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation   7C90E1AA 5 Bytes  JMP 01960505 
.text     C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread             7C90D7D2 5 Bytes  JMP 0077083C 
.text     C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey             7C90D94C 5 Bytes  JMP 007707B6 
.text     C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey        7C90D976 5 Bytes  JMP 007705E4 
.text     C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile       7C90DF5E 5 Bytes  JMP 0077045D 
.text     C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation   7C90E1AA 5 Bytes  JMP 00770505 
.text     C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread            7C90D7D2 5 Bytes  JMP 00A4083C 
.text     C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey            7C90D94C 5 Bytes  JMP 00A407B6 
.text     C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey       7C90D976 5 Bytes  JMP 00A405E4 
.text     C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile      7C90DF5E 5 Bytes  JMP 00A4045D 
.text     C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation  7C90E1AA 5 Bytes  JMP 00A40505 
.text     C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread            7C90D7D2 5 Bytes  JMP 00DB083C 
.text     C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey            7C90D94C 5 Bytes  JMP 00DB07B6 
.text     C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey       7C90D976 5 Bytes  JMP 00DB05E4 
.text     C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile      7C90DF5E 5 Bytes  JMP 00DB045D 
.text     C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation  7C90E1AA 5 Bytes  JMP 00DB0505 
.text     C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread            7C90D7D2 5 Bytes  JMP 0013083C 
.text     C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey            7C90D94C 5 Bytes  JMP 001307B6 
.text     C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey       7C90D976 5 Bytes  JMP 001305E4 
.text     C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile      7C90DF5E 5 Bytes  JMP 0013045D 
.text     C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation  7C90E1AA 5 Bytes  JMP 00130505 
.text     C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread                 7C90D7D2 5 Bytes  JMP 0013083C 
.text     C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey                 7C90D94C 5 Bytes  JMP 001307B6 
.text     C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey            7C90D976 5 Bytes  JMP 001305E4 
.text     C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile           7C90DF5E 5 Bytes  JMP 0013045D 
.text     C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation       7C90E1AA 5 Bytes  JMP 00130505 
.text     C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread                    7C90D7D2 5 Bytes  JMP 00E3083C 
.text     C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey                    7C90D94C 5 Bytes  JMP 00E307B6 
.text     C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey               7C90D976 5 Bytes  JMP 00E305E4 
.text     C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile              7C90DF5E 5 Bytes  JMP 00E3045D 
.text     C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation          7C90E1AA 5 Bytes  JMP 00E30505 
.text     C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread                       7C90D7D2 5 Bytes  JMP 0013083C 
.text     C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey                       7C90D94C 5 Bytes  JMP 001307B6 
.text     C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey                  7C90D976 5 Bytes  JMP 001305E4 
.text     C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile                 7C90DF5E 5 Bytes  JMP 0013045D 
.text     C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation             7C90E1AA 5 Bytes  JMP 00130505 

---- Devices - GMER 1.0.12 ----

Device    \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                            [FBFD36F8] wincom32.sys
Device    \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                           [FBFD36F8] wincom32.sys
Device    \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                           [FBFD36F8] wincom32.sys
Device    \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                         [FBFD36F8] wincom32.sys
Device    \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL                   [FBFD36F8] wincom32.sys

---- Processes - GMER 1.0.12 ----

Process   C:\WINDOWS\system32\taskdir.exe (*** hidden *** )                         1248                                     

---- Services - GMER 1.0.12 ----

Service   C:\WINDOWS\system32\wincom32.sys (*** hidden *** )                        [AUTO] wincom32                           <-- ROOTKIT !!!

---- Files - GMER 1.0.12 ----

File      C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf                               
File      C:\WINDOWS\system32\adir.dll                                              
File      C:\WINDOWS\system32\adirss.exe                                            
File      C:\WINDOWS\system32\taskdir.exe                                           
File      C:\WINDOWS\system32\wincom32.ini                                          
File      C:\WINDOWS\system32\wincom32.sys                                                                                    <-- ROOTKIT !!!
File      C:\WINDOWS\system32\WindowsLogon.manifest                                 

---- EOF - GMER 1.0.12 ----
VideoAti0.sys
GMER 1.0.12.12070 - http://www.gmer.net
Rootkit scan 2007-02-26 15:38:06
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.12 ----

PAGE     ntoskrnl.exe!ZwQueryKey + 201                                 8056F674 6 Bytes  PUSH FC8152D4; RET 
?        C:\WINDOWS\system32\drivers\Ntfs.sys                          Access denied.

---- Devices - GMER 1.0.12 ----

Device   \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                          FC814E94
Device   \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL               FC815084
Device   \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE             FC8144AC
Device   \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE              FC8144AC

---- Modules - GMER 1.0.12 ----

Module   \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** )  FC814000                               

---- Files - GMER 1.0.12 ----

File     C:\WINDOWS\system32\drivers\VideoAti0.sys                     
File     C:\WINDOWS\system32\VideoAti0.dll                             
File     C:\WINDOWS\system32\VideoAti0.exe                             

---- EOF - GMER 1.0.12 ----
RioDrvs.sys
GMER 1.0.13.12482 - http://www.gmer.net
Rootkit scan 2007-06-15 08:55:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwClose
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8]                                              ZwClose
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwDeleteKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA]                                              ZwDeleteKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwDeleteValueKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0]                                              ZwDeleteValueKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwEnumerateKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2]                                              ZwEnumerateKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwLoadDriver
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC]                                              ZwLoadDriver
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwQueryDirectoryFile
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE]                                              ZwQueryDirectoryFile
SSDT     \WINDOWS\system32\ntkrnlpa.exe  [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys  ZwSaveKey
SSDT     \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4]                                              ZwSaveKey

---- Processes - GMER 1.0.13 ----

Library  C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932]           0x10000000                        
Library  C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932]  0x76960000                        

---- Files - GMER 1.0.13 ----

File     C:\WINDOWS\linkinfo.dll                                                              
File     C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll                                        
File     C:\WINDOWS\system32\drivers\RioDrvs.sys                                                                                 <-- ROOTKIT !!!
File     C:\WINDOWS\system32\linkinfo.dll                                                     

---- Services - GMER 1.0.13 ----

Service  C:\WINDOWS\system32\DRIVERS\RioDrvs.sys                                              [AUTO] RioDrvs                     <-- ROOTKIT !!!

---- EOF - GMER 1.0.13 ----
					