stejnou metodou jako předtím.
nějaká změna v chování kompu?
samozřejmě,nemáš za co.
Kontrola logu HIjackthis -zpomalenej počítač Vyřešeno
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Smaž složku _OTMoveIt a Avenger.
Zálohuj si pro jistotu tvé data.
A jdeme smazat oba ty soubory, ale Avengerem.
Vlož do něj tento script:
Drivers to unload:
aepztcdw
Files to delete:
C:\WINDOWS\system32\bcae_s.dll
C:\WINDOWS\system32\Drivers\aepztcdw.SYS
PC se dvakrát restartuje a po těch dvou restartech sem vlož log z Avengeru + nový log z IceSword ale jenom ten Kernel Module
Zálohuj si pro jistotu tvé data.
A jdeme smazat oba ty soubory, ale Avengerem.
Vlož do něj tento script:
Drivers to unload:
aepztcdw
Files to delete:
C:\WINDOWS\system32\bcae_s.dll
C:\WINDOWS\system32\Drivers\aepztcdw.SYS
PC se dvakrát restartuje a po těch dvou restartech sem vlož log z Avengeru + nový log z IceSword ale jenom ten Kernel Module
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
..takze to sem budu muset hodit az rano .....tak v 7:30-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
Moc se omlouvam za to zdrzeni ale drive to opravdu neslo ......
Tady posílam log co mi vytvoril avander
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vosrvbkc
*******************
Script file located at: \??\C:\Documents and Settings\lmyhfsfc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\aepztcdw not found!
Unload of driver aepztcdw failed!
Could not process line:
aepztcdw
Status: 0xc0000034
File C:\WINDOWS\system32\bcae_s.dll deleted successfully.
File C:\WINDOWS\system32\Drivers\aepztcdw.SYS not found!
Deletion of file C:\WINDOWS\system32\Drivers\aepztcdw.SYS failed!
Could not process line:
C:\WINDOWS\system32\Drivers\aepztcdw.SYS
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
a tady prikladam log z ice swordu z karnel module
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SPTDDRV1.SYS
ACPI.sys
pci.sys
isapnp.sys
avgarkt.sys
sojubus.sys
viaide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
sfsync02.sys
VolSnap.sys
fxkvcqpv.sys
viamraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
sojuscsi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
viaagp1.sys
sfvfs02.sys
sfhlp02.sys
sfhlp01.sys
sfdrv01.sys
prosync1.sys
prohlp02.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\lvcap138.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\irsir.sys
\SystemRoot\system32\DRIVERS\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\gameenum.sys
\SystemRoot\system32\drivers\msmpu401.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\cmuda.sys
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\System32\Drivers\a3jqx1z3.SYS
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasirda.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tapdrvr.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\lvtuner.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\AvgArCln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\cmdmon.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\prodrv06.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\DRIVERS\atapi.sys
Tady posílam log co mi vytvoril avander
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vosrvbkc
*******************
Script file located at: \??\C:\Documents and Settings\lmyhfsfc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\aepztcdw not found!
Unload of driver aepztcdw failed!
Could not process line:
aepztcdw
Status: 0xc0000034
File C:\WINDOWS\system32\bcae_s.dll deleted successfully.
File C:\WINDOWS\system32\Drivers\aepztcdw.SYS not found!
Deletion of file C:\WINDOWS\system32\Drivers\aepztcdw.SYS failed!
Could not process line:
C:\WINDOWS\system32\Drivers\aepztcdw.SYS
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
a tady prikladam log z ice swordu z karnel module
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SPTDDRV1.SYS
ACPI.sys
pci.sys
isapnp.sys
avgarkt.sys
sojubus.sys
viaide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
sfsync02.sys
VolSnap.sys
fxkvcqpv.sys
viamraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
sojuscsi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
viaagp1.sys
sfvfs02.sys
sfhlp02.sys
sfhlp01.sys
sfdrv01.sys
prosync1.sys
prohlp02.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\lvcap138.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\irsir.sys
\SystemRoot\system32\DRIVERS\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\gameenum.sys
\SystemRoot\system32\drivers\msmpu401.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\cmuda.sys
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\System32\Drivers\a3jqx1z3.SYS
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasirda.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tapdrvr.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\lvtuner.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\AvgArCln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\cmdmon.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\prodrv06.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\amon.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\DRIVERS\atapi.sys
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
toto nech zkontrolovat
C:\WINDOWS\system32\Drivers\a3jqx1z3.SYS
C:\WINDOWS\System32\drivers\IsDrv120.sys
http://www.virustotal.com/flash/index_en.html
nebo
http://virusscan.jotti.org/
http://scanner.virus.org/
C:\WINDOWS\system32\Drivers\a3jqx1z3.SYS
C:\WINDOWS\System32\drivers\IsDrv120.sys
http://www.virustotal.com/flash/index_en.html
nebo
http://virusscan.jotti.org/
http://scanner.virus.org/
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
tady tento soubor je v pořádku má patřit k IceSwordu: IsDrv120.sys
Ještě na Virustotaluj nechej zkontrolovat tento soubor:
fxkvcqpv.sys - tento soubor budeš muset najít.
Pro lepší nalezení si zapni- Zobrazovat skryté a systémové soubory.
A zkopíruj sem výsledek.
A udělej toto:
Spusť IceSword dole vlevo zvol kategorii File. Na levo klikni na Local Disk (C:) > WINDOWS > system32 > DRIVERS.
Vpravo najdi ten soubor a3jqx1z3.SYS klikni na něj pravým tlačítkem a zvol Force Delete.
Poté znovu udělej log kategorie Kernel Module.
Také si stáhni GMER a rozbal ho do vlastní složky.
Spusť ho a klikni na záložku Rootkit.
Vpravo zaškrtni všechno od System až po Files + všechny disky + ADS.
A klikni na tlačítko Scan program proscanuje tvůj počítač.
Po skončení scanování klikni na tlačítko Copy a zkopíruj sem výsledek.
Ještě na Virustotaluj nechej zkontrolovat tento soubor:
fxkvcqpv.sys - tento soubor budeš muset najít.
Pro lepší nalezení si zapni- Zobrazovat skryté a systémové soubory.
A zkopíruj sem výsledek.
A udělej toto:
Spusť IceSword dole vlevo zvol kategorii File. Na levo klikni na Local Disk (C:) > WINDOWS > system32 > DRIVERS.
Vpravo najdi ten soubor a3jqx1z3.SYS klikni na něj pravým tlačítkem a zvol Force Delete.
Poté znovu udělej log kategorie Kernel Module.
Také si stáhni GMER a rozbal ho do vlastní složky.
Spusť ho a klikni na záložku Rootkit.
Vpravo zaškrtni všechno od System až po Files + všechny disky + ADS.
A klikni na tlačítko Scan program proscanuje tvůj počítač.
Po skončení scanování klikni na tlačítko Copy a zkopíruj sem výsledek.
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
jak mam najit fxkvcqpv.sys? mam zapnute abych videl zkryte polozky .v ice swrodu jsem dal file a nasel tuto cestu Local Disk (C:) > WINDOWS > system32 > DRIVERS. ale tento soubor a3jqx1z3.SYSjsem tam nenasel .Posilam log z toho gmer ale je pekne dlouhej ....ja bych se v nem nevyznal :-)) ale vy urcite jo .....
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-06 22:33:13
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetInformationFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwShutdownSystem
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFileGather
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F7B9A62C 5 Bytes JMP 8204C1B8
? System32\Drivers\au7gh37i.SYS Systém nemůže nalézt uvedený soubor.
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82FC7AE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823591D8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F1920FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F1920BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F19213D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F192167A] amon.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 81B2F580
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CREATE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CLOSE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CLEANUP 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_PNP 81B76990
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5665A6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5665A16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F566594A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F566585E] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F56659B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F5665B12] cmdmon.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8204B1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CREATE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CLOSE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CLEANUP 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_PNP 81B76990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8204B1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 822EF1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 8204B1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 822AE1D8
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5665A6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5665A16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F566594A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F566585E] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F56659B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F5665B12] cmdmon.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-06 22:33:13
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetInformationFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwShutdownSystem
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFileGather
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F7B9A62C 5 Bytes JMP 8204C1B8
? System32\Drivers\au7gh37i.SYS Systém nemůže nalézt uvedený soubor.
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82FC7AE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8502910] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8502950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F85026D0] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8502730] inspect.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823591D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823591D8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F1920FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F1920BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F19213D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F192167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F192167A] amon.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 81B2F580
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 81B2F580
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CREATE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CLOSE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_CLEANUP 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9278036-8738-4994-91D1-FC253A46ED1F} IRP_MJ_PNP 81B76990
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5665A6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5665A16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F566594A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F566585E] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F56659B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F5665B12] cmdmon.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8204B1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CREATE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CLOSE 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_CLEANUP 81B76990
Device \Driver\NetBT \Device\NetBT_Tcpip_{02F1AA83-18BA-4496-A209-6C2231301334} IRP_MJ_PNP 81B76990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8204B1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 822EF1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 822EF1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8204B1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 8204B1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 822AE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 822AE1D8
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5665A6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5665A16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F566594A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F566585E] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F56659B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F5665B12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F5665B12] cmdmon.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE
Ten log z GMERU je celý ?
Jinak v něm nevidím nic podezřelého.
Dej sem log z Kernel Module ještě.
+ udělej toto:
Otevři poznámkový blok a do něj zkopíruj tento text:
@echo off
dir /a /-c /o:-d /t:c "%windir%\system32\DRIVERS" >>%systemdrive%\look.txt
notepad %systemdrive%\look.txt
Pak dej Soubor (File) -> Uložit jako (Save As) -> jak je Název souboru (File name) tak do toho řádku napiš: vypis.bat
Jak je Typ souboru (Save as type) tak tam vyber *všechny soubory (*all files)
A ulož ho na %systemdrive% to znamená v tvém případě na disk C:
A spusť ten soubor měl by se ti zobrazit ten log tak sem zkopíruj celý jeho obsah.
Jinak v něm nevidím nic podezřelého.
Dej sem log z Kernel Module ještě.
+ udělej toto:
Otevři poznámkový blok a do něj zkopíruj tento text:
@echo off
dir /a /-c /o:-d /t:c "%windir%\system32\DRIVERS" >>%systemdrive%\look.txt
notepad %systemdrive%\look.txt
Pak dej Soubor (File) -> Uložit jako (Save As) -> jak je Název souboru (File name) tak do toho řádku napiš: vypis.bat
Jak je Typ souboru (Save as type) tak tam vyber *všechny soubory (*all files)
A ulož ho na %systemdrive% to znamená v tvém případě na disk C:
A spusť ten soubor měl by se ti zobrazit ten log tak sem zkopíruj celý jeho obsah.
-
jirka.habrun
- Level 1.5
- Příspěvky: 131
- Registrován: květen 07
- Pohlaví:
- Stav:
Offline
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 13 hostů