Please help. For some time now I have noticed that my computer is slower to think and the internet is slower to respond. Below I am posting a few screenshots and a log.
Every so often (every dozen or so seconds, sometimes minutes) a window like this pops up:
And something like this in the tray
Logfile of HijackThis v1.99.1
Scan saved at 20:44:15, on 2006-10-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Inne\CPUCooL\CooLSrv.exe
D:\Moje\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Programy\Przeglądarki\Opera.exe
C:\Documents and Settings\Bartek\Pulpit\winampa.exe
C:\Programy\Muzyczne\Winamp\winamp.exe
C:\Programy\NARZDZ~1\IZArc\IZArc.exe
C:\DOCUME~1\Bartek\USTAWI~1\Temp\ARC2B\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spyware\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programy\Internetowe\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Opera.lnk = ?
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programy\Inne\CPUCooL\CooLSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Moje\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Post merged: 13.10.2006 (Fri) 20:59
I scanned with SpyBot and it did not help at all. I cleaned the computer with jv16 PowerTools 2006 1.5.2.344 and also cleaned the registry. Still nothing.
adam9870
(adam9870)
13 October 2006 19:15
#2
To start with, please use the SmitFraudFix tool (option 2).
Once it has run, post a new log from HijackThis and SilentRunners.
Additionally, close the ports to worms. To do this, use Windows Worms Doors Cleaner and change the marks from disable to enable (all the marks should be green; if any of them is yellow, leave it). A restart is required after using the tool.
The problem with the pop-up windows has gone, but the computer still seems to stutter :roll: . Do you have any advice for that?
Logfile of HijackThis v1.99.1
Scan saved at 22:44:07, on 2006-10-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Inne\CPUCooL\CooLSrv.exe
D:\Moje\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Programy\Przeglądarki\Opera.exe
C:\DOCUME~1\Bartek\USTAWI~1\Temp\ARCD\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spyware\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programy\Internetowe\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Opera.lnk = ?
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programy\Inne\CPUCooL\CooLSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Moje\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
adam9870
(adam9870)
13 October 2006 21:08
#4
Delete the following entry in HJT:
Once done, please show the Silent Runners log and, if available, the report from SmitFraudFix (C:\rapport.txt)
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Programy\Internetowe\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z o.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"ULiRaid" = "C:\Program Files\ULi5287\ULi5287.exe" [empty string]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch5 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programy\Spyware\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Programy\Muzyczne\JetFlExt.dll" ["JetAudio, Inc."]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "C:\Programy\Narzędzia\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\Programy\Narzędzia\IZArc\IZArcCM.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "D:\Moje\Alcohol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00000000-5736-4205-0100-781cd0e19f00}" = "Steganos Internet Anonym Pro 7"
-> {HKLM...CLSID} = "Steganos Internet Anonym Pro 7"
\InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7se.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\Programy\Narzędzia\IZArc\IZArcCM.dll" [null data]
Steganos Internet Anonym Pro 7\(Default) = "{00000000-5736-4205-0100-781cd0e19f00}"
-> {HKLM...CLSID} = "Steganos Internet Anonym Pro 7"
\InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7se.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\Programy\Narzędzia\IZArc\IZArcCM.dll" [null data]
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Programy\Muzyczne\JetFlExt.dll" ["JetAudio, Inc."]
Steganos Internet Anonym Pro 7\(Default) = "{00000000-5736-4205-0100-781cd0e19f00}"
-> {HKLM...CLSID} = "Steganos Internet Anonym Pro 7"
\InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7se.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "C:\Programy\Muzyczne\JetFlExt.dll" ["JetAudio, Inc."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Bartek\Moje dokumenty\Moje obrazy\300GT.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Bartek\Moje dokumenty\Moje obrazy\300GT.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\3DWIND~1.SCR" (3D Windows XP.scr) [null data]
Startup items in "Bartek" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart
"Opera" -> shortcut to: "C:\Programy\Przeglądarki\Opera.exe" ["Opera Software"]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"D-Link AirPlus" -> shortcut to: "C:\Program Files\D-Link AirPlus\AirPlus.exe" ["D-Link"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Secure Surfing Engine\sselsp.dll [null data], 01 - 03, 18
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{00000000-5736-4205-0008-781CD0E19F00}"
-> {HKLM...CLSID} = "Steganos Internet Anonym"
\InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7iep.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{00000000-5736-4205-0008-781CD0E19F00}" = (no title provided)
-> {HKLM...CLSID} = "Steganos Internet Anonym"
\InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7iep.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{00000000-5736-4205-0009-781CD0E19F00}\(Default) = "Prywatna lista ulubionych Steganos"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "c:\program files\steganos internet anonym pro 7\siapro7iep.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
CPUCooLServer Service, CPUCooLServer, "C:\Programy\Inne\CPUCooL\CooLSrv.exe" [null data]
StarWind iSCSI Service, StarWindService, "D:\Moje\Alcohol\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 196 seconds.
---------- (total run time: 71 seconds)
SmitFraudFix v2.109
Scan done at 23:58:43,42, 2006-10-13
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bartek
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bartek\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bartek\Ulubione
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Bieniol
(Bbieniol)
14 October 2006 11:12
#6
Post a log from GMER: download >>> run >>> go to the “rootkit” tab >>> choose “search” >>> wait patiently until the program finishes >>> click “copy” >>> Ctrl + V and paste it into your post.
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-14 14:26:24
Windows 5.1.2600 Dodatek Service Pack. 1
---- System - GMER 1.0.11 ----
SSDT d347bus.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Devices - GMER 1.0.11 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82756A48
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82322400
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F314E2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F314E2A0] vsdatant.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E17A7C30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E17A7C30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E17A7C30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82530008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82530008
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 823142B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82530008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82530008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82306F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82306F00
---- Modules - GMER 1.0.11 ----
Module _________ F87E3000
---- Files - GMER 1.0.11 ----
ADS ...
---- EOF - GMER 1.0.11 ----
Bieniol
(Bbieniol)
14 October 2006 12:35
#8
Also post: Rootkit >>> Show all checked >>> only Services selected >>> Scan >>> Copy >>> CTRL+V into the post
What? What rootkit? I don't understand. Why should I paste so many of these logs? I've already posted the ones from HijackThis, Silent Runners, SmitFraudFix, GMER???
Bieniol
(Bbieniol)
14 October 2006 13:18
#10
This is still all about GMER
Because you have the pe386 rootkit: