05.06.2007, 18:53
Hello, my computer hangs a lot; when I want to open IE I wait about 1 minute. Maybe I have a virus. Please check the logs.
Log from Silent
LOG FROM HIJACK
Log from Gmer
GMER 1.0.12.12244 -
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT??C:WINDOWSsystem32driversklif.sysZwClose
SSDTSystemRootSystem32vsdatant.sys ZwConnectPort
SSDTSystemRootSystem32vsdatant.sys ZwCreateFile
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateKey
SSDTa347bus.sys ZwCreatePagingFile
SSDTSystemRootSystem32vsdatant.sys ZwCreatePort
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcess
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcessEx
SSDTSystemRootSystem32vsdatant.sys ZwCreateSection
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateSymbolicLinkObject
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateThread
SSDTSystemRootSystem32vsdatant.sys ZwCreateWaitablePort
SSDTSystemRootSystem32vsdatant.sys ZwDeleteFile
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteKey
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteValueKey
SSDTSystemRootSystem32vsdatant.sys ZwDuplicateObject
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateKey
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwFlushKey
SSDT??C:WINDOWSsystem32driversklif.sysZwInitializeRegistry
SSDTSystemRootSystem32vsdatant.sys ZwLoadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey2
SSDTSystemRootSystem32vsdatant.sys ZwMapViewOfSection
SSDT??C:WINDOWSsystem32driversklif.sysZwNotifyChangeKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenFile
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenSection
SSDTSystemRootSystem32vsdatant.sys ZwOpenThread
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryMultipleValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQuerySystemInformation
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwReplaceKey
SSDTSystemRootSystem32vsdatant.sys ZwRequestWaitReplyPort
SSDT??C:WINDOWSsystem32driversklif.sysZwRestoreKey
SSDT??C:WINDOWSsystem32driversklif.sysZwResumeThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSaveKey
SSDTSystemRootSystem32vsdatant.sys ZwSecureConnectPort
SSDT??C:WINDOWSsystem32driversklif.sysZwSetContextThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationFile
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwSetSecurityObject
SSDTSystemRootSystem32vsdatant.sys ZwSetSystemInformation
SSDTa347bus.sys ZwSetSystemPowerState
SSDT??C:WINDOWSsystem32driversklif.sysZwSetValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSuspendThread
SSDTSystemRootSystem32vsdatant.sys ZwTerminateProcess
SSDTSystemRootSystem32vsdatant.sys ZwUnloadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwUnloadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwWriteVirtualMemory
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[284]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[285]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[286]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[287]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[288]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[289]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[290]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[291]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[292]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[293]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[294]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[295]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[296]
INT 0x20srescan.sys F72B6A00
Code??C:WINDOWSsystem32driversklif.sysFsRtlCheckLockForReadAccess
Code??C:WINDOWSsystem32driversklif.sysIoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys
? srescan.sys The system cannot find the file specified.
? C:WINDOWSsystem32DRIVERSupdate.sys
? C:WINDOWSTEMPmc253.tmp The system cannot find the file specified.
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys
---- User code sections - GMER 1.0.12 ----
.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32PSIService.exe[284] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesWebshotsWebshots.scr[296] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F0E0F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F0A0F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] GDI32.dll!Escape77F273B4 6 BytesJMP 5F040F5A
.text Crogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesGadu-Gadugg.exe[528] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32csrss.exe[824] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSsystem32taskmgr.exe[1052] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1280] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32ZoneLabsvsmon.exe[1496] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes[ CD, 20 ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSexplorer.exe[3160] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE2DAB67C9C8998 4 Bytes[ 20, 03, 4A, 7E ]
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE34A267C9CF908 4 Bytes[ B0, 02, 4A, 7E ]
.text Crogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesWinampwinampa.exe[3520] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F08001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0B001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F05001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F180F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F140F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F180F5A
.text Crogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F140F5A
.text Crogram FilesOperaOpera.exe[5468] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
---- Devices - GMER 1.0.12 ----
DeviceFileSystemNtfs Ntfs IRP_MJ_READ84533870
DeviceDriverTcpip DeviceIp IRP_MJ_CREATE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLOSE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLEANUP [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CREATE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLOSE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLEANUP[EDB828A0] vsdatant.sys
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DIRECTORY_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SHUTDOWN842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_LOCK_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLEANUP 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_MAILSLOT 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_POWER 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SYSTEM_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CHANGE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_PNP 842B7160
DeviceFileSystemRdbss DeviceFsWrap IRP_MJ_READ8452FC98
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_VOLUME_INFORMATIO
Log from Silent
Quote:
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"swg" = "Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" ["Google Inc."]
"Gadu-Gadu" = ""Crogram FilesGadu-Gadugg.exe" /tray" ["sms-express.com"]
"MSMSGS" = ""Crogram FilesMessengermsmsgs.exe" /background" [MS]
"STYLEXP" = "Crogram FilesTGTSoftStyleXPStyleXP.exe -Hide" [empty string]
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"Spyware Doctor" = ""Crogram FilesSpyware Doctorswdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]
HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. ()"]
"NvCplDaemon" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]
"RemoteControl" = ""Crogram FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"WinampAgent" = ""Crogram FilesWinampwinampa.exe"" [null data]
"ZoneAlarm Client" = ""Crogram FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"PCSuiteTrayApplication" = ""Crogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup" ["Nokia"]
"AVP" = ""Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"" ["Kaspersky Lab"]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
InProcServer32(Default) = "CROGRA~1SPYWAR~1toolsiesdsg.dll" ["PC Tools"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
InProcServer32(Default) = "CROGRA~1SPYWAR~1toolsiesdpb.dll" ["PC Tools"]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "D:alkoholALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
-> {HKLM...CLSID} = "My Phones"
InProcServer32(Default) = "Crogram FilesSony EricssonMobileFile Managerfmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
InProcServer32(Default) = "Crogram FilesNokiaNokia PC Suite 6PhoneBrowser.dll" ["Nokia"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
InProcServer32(Default) = "Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]
HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]
HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "Crogram FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]
HKLMSoftwareClasses*shellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "%APPDATA%WebshotsThe Webshots DesktopWebshots Wallpaper.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "Cocuments and SettingsAlbertApplication DataWebshotsThe Webshots DesktopWebshots Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]
Startup items in "Albert" & "All Users" startup folders:
--------------------------------------------------------
Cocuments and SettingsAlbertStart MenuProgramsStartup
"StyleXP" -> shortcut to: "Crogram FilesTGTSoftStyleXPStyleXP.exe" [empty string]
"Webshots" -> shortcut to: "Crogram FilesWebshotsLauncher.exe/t" [null data]
Cocuments and SettingsAll UsersStart MenuProgramsStartup
"Adobe Reader Speed Launch" -> shortcut to: "Crogram FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]
"WinZip Quick Pick" -> shortcut to: "D:WinZipWZQKPICK.EXE" ["WinZip Computing, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]
HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki ochrony WWW"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki ochrony WWW"
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
InProcServer32(Default) = "CROGRA~1SPYWAR~1toolsiesdpb.dll" ["PC Tools"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "Crogram FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Kaspersky Anti-Virus 6.0, AVP, ""Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "Crogram FilesSpyware Doctorsdhelp.exe" ["PC Tools Research Pty Ltd"]
ProtexisLicensing, ProtexisLicensing, "C:WINDOWSsystem32PSIService.exe" [null data]
ServiceLayer, ServiceLayer, ""Crogram FilesPC Connectivity SolutionServiceLayer.exe"" ["Nokia."]
TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:WINDOWSsystem32svchost.exe -k WudfServiceGroup" {"C:WINDOWSSystem32WUDFSvc.dll" [MS]}
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 78 seconds.
---------- (total run time: 152 seconds
HIJACKTHIS LOG
Quote: Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PSIService.exe
Crogram FilesSpyware Doctorsdhelp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMixer.exe
C:WINDOWSsystem32RUNDLL32.EXE
Crogram FilesCyberLinkPowerDVDPDVDServ.exe
Crogram FilesWinampwinampa.exe
Crogram FilesZone LabsZoneAlarmzlclient.exe
Crogram FilesNokiaNokia PC Suite 6LaunchApplication.exe
Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
Crogram FilesPC Connectivity SolutionServiceLayer.exe
Crogram FilesTGTSoftStyleXPStyleXP.exe
C:WINDOWSsystem32ctfmon.exe
D:WinZipWZQKPICK.EXE
Crogram FilesWebshotswebshots.scr
Crogram FilesGadu-Gadugg.exe
C:WINDOWSsystem32taskmgr.exe
Crogram FilesOperaOpera.exe
Cocuments and SettingsAlbertDesktopHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =[To see links, register here]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =[To see links, register here]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =[To see links, register here]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =[To see links, register here]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =[To see links, register here]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - CROGRA~1SPYWAR~1toolsiesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - CROGRA~1SPYWAR~1toolsiesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RemoteControl] "Crogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [WinampAgent] "Crogram FilesWinampwinampa.exe"
O4 - HKLM..Run: [ZoneAlarm Client] "Crogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication] "Crogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup
O4 - HKLM..Run: [AVP] "Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [Gadu-Gadu] "Crogram FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MSMSGS] "Crogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [STYLEXP] Crogram FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Spyware Doctor] "Crogram FilesSpyware Doctorswdoctor.exe" /Q
O4 - Startup: StyleXP.lnk = Crogram FilesTGTSoftStyleXPStyleXP.exe
O4 - Startup: Webshots.lnk = Crogram FilesWebshotsLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Crogram FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:WinZipWZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - CROGRA~1SPYWAR~1toolsiesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -[To see links, register here]
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - Crogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - Crogram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - Crogram FilesSpyware Doctorsdhelp.exe
O23 - Service: ServiceLayer - Nokia. - Crogram FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - Crogram FilesTGTSoftStyleXPStyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
GMER log
[code:1]GMER 1.0.12.12244 -
Rootkit scan 2007-06-05 21:28:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT??C:WINDOWSsystem32driversklif.sysZwClose
SSDTSystemRootSystem32vsdatant.sys ZwConnectPort
SSDTSystemRootSystem32vsdatant.sys ZwCreateFile
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateKey
SSDTa347bus.sys ZwCreatePagingFile
SSDTSystemRootSystem32vsdatant.sys ZwCreatePort
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcess
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcessEx
SSDTSystemRootSystem32vsdatant.sys ZwCreateSection
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateSymbolicLinkObject
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateThread
SSDTSystemRootSystem32vsdatant.sys ZwCreateWaitablePort
SSDTSystemRootSystem32vsdatant.sys ZwDeleteFile
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteKey
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteValueKey
SSDTSystemRootSystem32vsdatant.sys ZwDuplicateObject
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateKey
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwFlushKey
SSDT??C:WINDOWSsystem32driversklif.sysZwInitializeRegistry
SSDTSystemRootSystem32vsdatant.sys ZwLoadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey2
SSDTSystemRootSystem32vsdatant.sys ZwMapViewOfSection
SSDT??C:WINDOWSsystem32driversklif.sysZwNotifyChangeKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenFile
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenSection
SSDTSystemRootSystem32vsdatant.sys ZwOpenThread
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryMultipleValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQuerySystemInformation
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwReplaceKey
SSDTSystemRootSystem32vsdatant.sys ZwRequestWaitReplyPort
SSDT??C:WINDOWSsystem32driversklif.sysZwRestoreKey
SSDT??C:WINDOWSsystem32driversklif.sysZwResumeThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSaveKey
SSDTSystemRootSystem32vsdatant.sys ZwSecureConnectPort
SSDT??C:WINDOWSsystem32driversklif.sysZwSetContextThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationFile
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwSetSecurityObject
SSDTSystemRootSystem32vsdatant.sys ZwSetSystemInformation
SSDTa347bus.sys ZwSetSystemPowerState
SSDT??C:WINDOWSsystem32driversklif.sysZwSetValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSuspendThread
SSDTSystemRootSystem32vsdatant.sys ZwTerminateProcess
SSDTSystemRootSystem32vsdatant.sys ZwUnloadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwUnloadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwWriteVirtualMemory
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[284]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[285]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[286]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[287]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[288]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[289]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[290]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[291]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[292]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[293]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[294]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[295]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[296]
INT 0x20srescan.sys F72B6A00
Code??C:WINDOWSsystem32driversklif.sysFsRtlCheckLockForReadAccess
Code??C:WINDOWSsystem32driversklif.sysIoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys
? srescan.sys The system cannot find the file specified.
? C:WINDOWSsystem32DRIVERSupdate.sys
? C:WINDOWSTEMPmc253.tmp The system cannot find the file specified.
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys
---- User code sections - GMER 1.0.12 ----
.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32PSIService.exe[284] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesWebshotsWebshots.scr[296] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesWebshotsWebshots.scr[296] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F0E0F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F0A0F5A
.text Crogram FilesSpyware Doctorsdhelp.exe[416] GDI32.dll!Escape77F273B4 6 BytesJMP 5F040F5A
.text Crogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesGadu-Gadugg.exe[528] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesGadu-Gadugg.exe[528] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32csrss.exe[824] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSsystem32taskmgr.exe[1052] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1280] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32ZoneLabsvsmon.exe[1496] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes[ CD, 20 ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSexplorer.exe[3160] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE2DAB67C9C8998 4 Bytes[ 20, 03, 4A, 7E ]
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE34A267C9CF908 4 Bytes[ B0, 02, 4A, 7E ]
.text Crogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesWinampwinampa.exe[3520] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesWinampwinampa.exe[3520] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F08001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0B001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F05001E
.text Crogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text Crogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F180F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F140F5A
.text Cocuments and SettingsAlbertDesktopgmer.exe[4168] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text Crogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text Crogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text Crogram FilesOperaOpera.exe[5468] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text Crogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F180F5A
.text Crogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F140F5A
.text Crogram FilesOperaOpera.exe[5468] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
---- Devices - GMER 1.0.12 ----
DeviceFileSystemNtfs Ntfs IRP_MJ_READ84533870
DeviceDriverTcpip DeviceIp IRP_MJ_CREATE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLOSE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLEANUP [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CREATE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLOSE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLEANUP[EDB828A0] vsdatant.sys
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DIRECTORY_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SHUTDOWN842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_LOCK_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLEANUP 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_MAILSLOT 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_POWER 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SYSTEM_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CHANGE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_PNP 842B7160
DeviceFileSystemRdbss DeviceFsWrap IRP_MJ_READ8452FC98
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_VOLUME_INFORMATIO