How the heck do I remove it... help


s4ndstorm
03-01-2007, 10:47
Hi everyone, it's been a while since I was last on the forum....
I have a problem with winzozz, as usual. I installed Opera in place of Internet Explorer, and I recommend it because it's very fast (for anyone still on Explorer). Anyway, my problem is that every now and then while I'm browsing, the program itself (Opera.exe) calls dwwin.exe (I think it's Dr. Watson). ZoneAlarm flags it, of course, but if I choose allow it errors out and closes, and if I choose deny the browser closes anyway...

However, I noticed that in the c:\WINDOWS folder the antivirus finds a lot of files (viruses or malware, I don't know) of the type win32/wadspeld.Z that it can't delete because they are loaded in memory (I tried manually). Of course the files are hidden behind apparently harmless names like Toshiba-Driver.exe...

What should I do? There's nothing on the net about this type... HELP

c.m.g
03-01-2007, 10:50
Which AV do you have? Try running an online scan with Kaspersky and BitDefender.

black92
03-01-2007, 10:52
Which AV do you have? Try running an online scan with Kaspersky and BitDefender.

From what I can see you're in pretty bad shape; get yourself an antivirus and removal tools. In the meantime I'll wait to hear which security software you use.

s4ndstorm
03-01-2007, 11:48
I use ZoneAlarm Security Suite, updated every day, and Spybot Search and Destroy, constantly updated and with the resident protection switched on...


PS) Which removal tool should I use, given that if I search for wadspeld on Google it finds almost nothing...

PPS) I tried rebooting in safe mode to see whether I could delete the suspicious files manually, but they seemed to be loaded in memory, since it wouldn't let me delete them. I opened Task Manager to see whether there was some strange process to kill, but there was only the essential stuff.... No idea where the heck they are running... I don't understand any of it

bReAkDoWn
03-01-2007, 16:27
You could download gmer (http://www.majorgeeks.com/download.php?det=5198) and run two scans: rootkit and autostart, copy the results (gmer has a copy button built in) and paste them into a message here on the forum. Make sure that in both scans the show all option is NOT selected, and leave all the other options as they are. Finally, during the rootkit scan don't use the PC and try to close all open applications.
Once we see those logs we'll be able to tell you exactly where to intervene.

wizard1993
03-01-2007, 18:36
and an antivirus more powerful than CA's

s4ndstorm
04-01-2007, 00:54
To wizard1993: meaning? Isn't ZoneAlarm any good? I'm not installing Norton...

AUTOSTART



GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 01:51:08
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp",
Windows@AppInit_DLLs = \\?\C:\WINDOWS\com6.obv

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Autodesk Licensing Service /*Autodesk Licensing Service*/@ = "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"
mi-raysat_3dsmax8 /*RaySat_3dsmax8 Server*/@ = C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SolidWorks SolidNetWork License Manager /*SolidWorks SolidNetWork License Manager*/@ = C:\Programmi\SolidWorks\CRACK\lmgrd.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
YRQs /*YRQs*/@ = "C:\Programmi\File comuni\System\QnZ.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NWEReboot /*file not found*/ = /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\AcDwfThmbPrxy16.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}C:\WINDOWS\cakai1.dll = C:\WINDOWS\cakai1.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000006@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000007@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000008@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000009@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000024@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = DSLMON.lnk

---- EOF - GMER 1.0.12 ----

bReAkDoWn
04-01-2007, 08:38
There are signs of a LinkOptimizer infection. Manual removal is advisable. So you should download The Avenger from here: http://swandog46.geekstogo.com/avenger.zip
Run it, select input script manually, click the magnifying glass, copy the script into the window, click done, then the green traffic light, and answer yes. The PC will be restarted. Once it has restarted, a log will appear in Notepad; copy it and post it on the forum. If it doesn't appear, try looking for it in the c:\avenger folder (or e:\avenger, f:\avenger, depending on where Windows is installed).

Script to copy:

registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\com6.obv
C:\Programmi\File comuni\System\QnZ.exe
C:\WINDOWS\cakai1.dll
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp

registry keys to delete:
HKLM\system\controlset003\services\YRQs
HKLM\system\controlset002\services\YRQs
HKLM\system\controlset001\services\YRQs
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}


After the reboot run hijackthis (www.merijn.org), select do a system scan only, tick the line that starts with f2 and contains c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp", and press fix checked.

You could also run a scan with this: http://securityresponse.symantec.com/avcenter/FixLinkopt.exe , running it with Windows in safe mode.

Finally, to check the outcome of the cleanup, you can rerun the autostart scan, and the rootkit one too, with gmer and copy the result to the forum.
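
Added example, not part of the posts above and not code from GMER or The Avenger: a small triage pass over a GMER autostart log that surfaces the kinds of persistence entries the reply's script targets (an extra program chained onto Winlogon Userinit, a populated AppInit_DLLs value, a Browser Helper Object DLL sitting directly in the Windows folder). The rule names and heuristics are assumptions chosen for this illustration; the service entry named in the script has no rule here and still needs a human read.

```python
import ntpath

# Lines copied from the two GMER autostart logs posted in this thread (trimmed).
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp",
Windows@AppInit_DLLs = \\?\C:\WINDOWS\com6.obv

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}C:\WINDOWS\cakai1.dll = C:\WINDOWS\cakai1.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
'''


def parse_autostart(log_text):
    """Yield (key, value_name, data) for every 'left = data' entry in the log.

    Handles both layouts seen in the thread: a 'KEY >>>' header followed by
    entries up to the next blank line, and a single 'KEY@value = data' line.
    """
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes the current section
            continue
        if line.endswith(">>>"):
            section = line[:-3].strip()
            continue
        left, sep, data = line.partition(" = ")
        if not sep:
            continue                # banner, EOF marker or entry with no data
        sub, _, name = left.rpartition("@")
        if section is None:
            key = sub
        else:
            key = section.rstrip("\\") + ("\\" + sub if sub else "")
        yield key, name, data.strip()


def split_items(data):
    """Split a comma-separated value into unquoted, non-empty paths."""
    items = []
    for part in data.split(","):
        part = part.strip().strip('"')
        if part.startswith("\\\\?\\"):   # drop the \\?\ long-path prefix
            part = part[4:]
        if part:
            items.append(part)
    return items


def triage(log_text):
    """Return (rule, path) findings; the rules are illustrative heuristics."""
    findings = []
    for key, name, data in parse_autostart(log_text):
        k, n = key.lower(), name.lower()
        if k.endswith("\\winlogon") and n == "userinit":
            # Expected: only ...\system32\userinit.exe; anything else is chained on.
            for p in split_items(data):
                if not p.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(("userinit-extra", p))
        elif k.endswith("\\windows") and n == "appinit_dlls":
            # Any module listed here is loaded into every process that loads
            # user32.dll, so every entry is worth a look; a non-.dll name more so.
            for p in split_items(data):
                ext = ntpath.splitext(p)[1].lower()
                rule = "appinit-review" if ext == ".dll" else "appinit-nondll"
                findings.append((rule, p))
        elif k.endswith("browser helper objects"):
            path = data.strip('"')
            _, tail = ntpath.splitdrive(ntpath.dirname(path))
            if tail.lower() == "\\windows":   # DLL directly in the Windows root
                findings.append(("bho-in-windows-root", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:22} {path}")
```

An `appinit-review` hit is not a verdict: the second log's entry points at a security product's own DLL, which is why that rule only asks for a look.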

c.m.g
04-01-2007, 10:03
To be safe, could you interpret my gmer log too?

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-04 11:02:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT pxfsf.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT pxfsf.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT pxfsf.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP A9B99760 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP A9B99C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, F8, 68, BA, 83, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ B5, F8, 68, BA, BF, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 12 Bytes [ DD, F8, 68, BA, E7, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23F4 805010F8 24 Bytes [ FB, F8, 68, BA, 05, F9, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 37, F9, 68, BA, 41, F9, 68, ... ]
.text ...
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540ABA 7 Bytes JMP A9B9CCD0 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE33B46 7C9DE9F8 4 Bytes [ 04, 03, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE33B56 7C9DEA08 4 Bytes [ 00, 04, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34A96 7C9DF948 4 Bytes [ 54, 04, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34AB2 7C9DF964 4 Bytes [ 82, 03, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34AC6 7C9DF978 4 Bytes [ 58, 03, F4, 00 ]

---- Threads - GMER 1.0.12 ----

Thread 4:176 8A5CAA20
Thread 4:180 8A5AAC60
Thread 4:184 8A5AAC60
Thread 4:412 8A5CAA20
Thread 4:476 8A5CAA20
Thread 4:3444 884AD5B0

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS C:\Programmi\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4

---- EOF - GMER 1.0.12 ----


autostart:

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 11:02:47
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent@DLLName = Ati2evxx.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc /*Acronis Scheduler2 Service*/@ = "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
AVP /*Kaspersky Internet Security 6.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
btwdins /*Bluetooth Service*/@ = C:\Programmi\Software Bluetooth\bin\btwdins.exe
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe" /*file not found*/
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Acronis?True?Image Monitor(null) =
@Acronis Scheduler2 Service"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" = "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
@REGSHAVEC:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN = C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
@HPHmon04C:\WINDOWS\system32\hphmon04.exe = C:\WINDOWS\system32\hphmon04.exe
@OmnipageC:\Programmi\ScanSoft\OmniPageSE\opware32.exe = C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
@LVCOMSXC:\WINDOWS\system32\LVCOMSX.EXE = C:\WINDOWS\system32\LVCOMSX.EXE
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@Babylon ClientC:\Programmi\Babylon\Babylon.exe -AutoStart = C:\Programmi\Babylon\Babylon.exe -AutoStart
@Motive SmartBridgeC:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" = "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
@CnxDslTaskBar"C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" = "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@Pinnacle WebUpdater"C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles = "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
@PMCRemoteC:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@AVP"C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@AudioHQUC:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE = C:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE
@PrevxOne"C:\Programmi\Prevx1\PXConsole.exe" = "C:\Programmi\Prevx1\PXConsole.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
@LogitechSoftwareUpdateC:\Programmi\Logitech\Video\ManifestEngine.exe boot = C:\Programmi\Logitech\Video\ManifestEngine.exe boot
@PMCS"C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
@SUPERAntiSpywareC:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\BTNEIG~1.DLL = C:\WINDOWS\system32\BTNEIG~1.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} /*OODefrag*/C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll = C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{A5366673-E8CA-11D3-9CD9-0090271D075B}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A887298-BC2E-42EA-9F76-A597293A834B} /*Connessione 1394*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk
Exif Launcher.lnk = Exif Launcher.lnk

---- EOF - GMER 1.0.12 ----


thanks

s4ndstorm
06-01-2007, 12:11
Sorry for the delay, here it is:
PS) At the prompt after the reboot I saw for a moment that it couldn't find some files, such as C:/Reboot.exe; anyway, here's the log:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xdtpimwp

*******************

Script file located at: \??\C:\Program Files\inhmcubq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\com6.obv deleted successfully.
File C:\Programmi\File comuni\System\QnZ.exe deleted successfully.
File C:\WINDOWS\cakai1.dll deleted successfully.


File c:\docume~1\s4ndst~1\impost~1\temp\40.tmp not found!
Deletion of file c:\docume~1\s4ndst~1\impost~1\temp\40.tmp failed!

Could not process line:
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp
Status: 0xc0000034



Registry key HKLM\system\controlset003\services\YRQs not found!
Deletion of registry key HKLM\system\controlset003\services\YRQs failed!

Could not process line:
HKLM\system\controlset003\services\YRQs
Status: 0xc0000034

Registry key HKLM\system\controlset002\services\YRQs deleted successfully.
Registry key HKLM\system\controlset001\services\YRQs deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA} deleted successfully.

Completed script processing.

bReAkDoWn
06-01-2007, 13:59
The removal with The Avenger was successful. The rootkit should now be inactive. If you want confirmation, redo the logs with gmer.
It is very likely that inactive, harmless traces of the virus are left on the system; you can run a scan with an antivirus.
Finally, try looking inside programmi\file comuni\system, file comuni\services and file comuni\microsoft shared for files with random names shown in green. You can delete all of those, manually or with this http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
if you can't manage it manually.
You can also delete the fake user, the one with a random name, via Start menu -> Run -> LUSRMGR.MSC
If in doubt, just ask.
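
One way to check an Avenger log like the one posted above, as an added example that is not part of the original posts: a Python parser that separates completed operations from failed ones, flags only failures whose status is not 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND, the target was already absent), and counts which autostart locations were cleaned. The function names, the benign-status set and the location labels are assumptions of this example.

```python
import re

# NTSTATUS values treated as benign for a cleanup run (assumption of this example):
# the object named in the script was simply not there any more.
BENIGN_STATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Lines copied from the Avenger log posted above.
SAMPLE_LOG = r"""
File C:\WINDOWS\com6.obv deleted successfully.
File C:\Programmi\File comuni\System\QnZ.exe deleted successfully.
File C:\WINDOWS\cakai1.dll deleted successfully.
File c:\docume~1\s4ndst~1\impost~1\temp\40.tmp not found!
Deletion of file c:\docume~1\s4ndst~1\impost~1\temp\40.tmp failed!
Could not process line:
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp
Status: 0xc0000034
Registry key HKLM\system\controlset003\services\YRQs not found!
Deletion of registry key HKLM\system\controlset003\services\YRQs failed!
Could not process line:
HKLM\system\controlset003\services\YRQs
Status: 0xc0000034
Registry key HKLM\system\controlset002\services\YRQs deleted successfully.
Registry key HKLM\system\controlset001\services\YRQs deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA} deleted successfully.
"""

OK_RE = re.compile(
    r"^(File|Registry key|Registry value) (.+?) "
    r"(deleted|replaced with dummy) successfully\.$"
)
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Autostart locations recognised in registry targets (labels are this example's own).
PERSISTENCE = [
    (re.compile(r"\\services\\", re.I), "service/driver"),
    (re.compile(r"\|AppInit_DLLs$", re.I), "AppInit_DLLs"),
    (re.compile(r"\\Browser Helper Objects\\", re.I), "Browser Helper Object"),
]


def parse_avenger_log(text):
    """Return (done, failed): done holds (kind, target, action) tuples,
    failed holds (target, ntstatus_or_None) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    done, failed = [], []
    for idx, line in enumerate(lines):
        ok = OK_RE.match(line)
        if ok:
            done.append(ok.groups())
        elif line == "Could not process line:":
            # The next line repeats the script line, the one after carries the status.
            target = lines[idx + 1] if idx + 1 < len(lines) else ""
            status = None
            if idx + 2 < len(lines):
                m = STATUS_RE.match(lines[idx + 2])
                if m:
                    status = int(m.group(1), 16)
            failed.append((target, status))
    return done, failed


def needs_followup(failed):
    """Failures that are NOT explained by 'object already absent'."""
    return [(t, s) for t, s in failed if s not in BENIGN_STATUS]


def persistence_summary(done):
    """Count cleaned registry autostart locations by type."""
    counts = {}
    for kind, target, _action in done:
        if kind == "File":
            continue
        for rx, label in PERSISTENCE:
            if rx.search(target):
                counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    done, failed = parse_avenger_log(SAMPLE_LOG)
    print(f"{len(done)} operations completed, {len(failed)} failed")
    for target, status in failed:
        name = BENIGN_STATUS.get(status, "unexpected status")
        print(f"  failed: {target} ({name})")
    print("needs follow-up:", needs_followup(failed))
    print("autostart locations cleaned:", persistence_summary(done))
```

An empty follow-up list only says that every failed line referred to an object that no longer existed; it does not replace the fresh gmer scan asked for in the thread.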

wizard1993
06-01-2007, 14:11
And who's recommending Norton to you? On the contrary... I'm saying that the CA scan engine used by Zone Labs in its security suite literally looks like c**p next to engines such as those of AntiVir, Kaspersky, BitDefender or McAfee. So much so that Zone Labs has decided to switch to the Kaspersky engine, which is much more efficient. These are figures that came out of the tests; I didn't make them up.

s4ndstorm
07-01-2007, 02:26
Thanks everyone for the advice, but unfortunately the infected .exe files in c:WINDOWS (the ones with fake driver names) are still there, and I think they're the ones causing problems with Opera and other applications... now I'll try browsing and see whether it calls dwwin.exe, but I think it will keep doing it.... :doh:

To wizard1993: Thanks for the advice, so are you recommending I change antivirus? Or, since ZoneAlarm uses the Kaspersky engine, should I keep it??

bReAkDoWn
07-01-2007, 10:24
The gmer rootkit log is still missing, though; so far you've only sent the autostart one.
Recreate both so we can see the complete picture; maybe there was something else besides what we removed. Finally, could you list some names of the infected files in windows and, if the antivirus recognises them as infected, also report the name of the virus detected?

wizard1993
07-01-2007, 10:31
Thanks everyone for the advice, but unfortunately the infected .exe files in c:WINDOWS (the ones with fake driver names) are still there, and I think they're the ones causing problems with Opera and other applications... now I'll try browsing and see whether it calls dwwin.exe, but I think it will keep doing it.... :doh:

To wizard1993: Thanks for the advice, so are you recommending I change antivirus? Or, since ZoneAlarm uses the Kaspersky engine, should I keep it??

ZoneAlarm will use Kaspersky; version 7 hasn't come out yet

s4ndstorm
07-01-2007, 13:56
Here it is, I hadn't noticed... :D


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-07 14:55:31
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.12 ----

Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_READ 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8621C898
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 8621C898
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 8658A940
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 8658A940
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865D5498
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865D5498
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 865D56D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 865D56D0
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLEANUP 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_MAILSLOT 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_NAMED_PIPE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CHANGE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DIRECTORY_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FILE_SYSTEM_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FLUSH_BUFFERS 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_LOCK_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_EA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_QUOTA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_SECURITY 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_READ 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_EA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_QUOTA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_SECURITY 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_VOLUME_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SHUTDOWN 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_WRITE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_CLEANUP 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_CLOSE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_CREATE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_PNP 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_POWER 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_READ 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SET_EA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SET_QUOTA 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SET_SECURITY 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SHUTDOWN 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8621C790
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 IRP_MJ_WRITE 8621C790
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8605E970
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8605E970
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8605E970
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_CLEANUP 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_CLOSE 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_CREATE 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_INTERNAL_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetBT_Tcpip_{9315B26B-16B5-4413-98D0-9240AFF5FBFD} IRP_MJ_PNP 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8605E970
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8605E970
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F44D5230] vsdatant.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85C36A70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85ED20E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85ED20E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86070A48
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 86071A10
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86070A48
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86071A10
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86071A10
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86079A40
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86079A40
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86079A40
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86079A40
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86079A40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85EF9CE8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85EF9CE8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85ED70E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85ED70E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86298AB8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 8606ACF0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8629F680
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 8606FEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8658A550
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8658A688
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86043030
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85F00EB0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85E0B030

---- System - GMER 1.0.12 ----

INT 0x0E \SystemRoot\System32\DRIVERS\haspnt.sys BAC32FC2
INT 0x06 \SystemRoot\System32\DRIVERS\haspnt.sys BAC3316D

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver

---- Modules - GMER 1.0.12 ----

Module _________ F7310000

---- Files - GMER 1.0.12 ----


SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 805010EC 8 Bytes [ 60, 77, 4C, F4, 80, 79, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 80, 01, 4B, F4, 30, 93, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805011B4 8 Bytes [ C0, D9, 4A, F4, F0, 94, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 26EC 805013F0 8 Bytes [ 30, D8, 4A, F4, B0, 90, 3D, ... ]

---- EOF - GMER 1.0.12 ----

s4ndstorm
07-01-2007, 14:02
Ah, I forgot... the suspicious files are the ones I described in the first post...

bReAkDoWn
07-01-2007, 14:21
I don't see any active rootkits.
There is probably very little left... tell me one thing: have these files in Windows always stayed the same but can't be deleted, or do they seem to change in name and number from reboot to reboot, or in any case over time?

s4ndstorm
07-01-2007, 23:05
Eh, the first hypothesis: they are always the same, but if I try to delete them it won't let me, exactly as if they were loaded in memory...

Anyway, I noticed something strange: when I try to delete them, the "Are you sure you want to delete... etc." window doesn't appear right away; the PC spends one or two seconds loading, as if the process to prevent the deletion were starting.

And sometimes when I select them, the ZoneAlarm window opens with the name of that file, telling me that it is a virus of the type win32/wadspeld.Z but that it can't delete it.... :(

bReAkDoWn
08-01-2007, 08:31
Try deleting them, to see whether they get recreated.
You have already used The Avenger; use the simple script below, adding the names of the other files to delete, each with its full path, i.e. c:\windows\filename


Files to delete:
c:\windows\Toshiba-Driver.exe

s4ndstorm
08-01-2007, 18:32
Here is the Avenger log; not even it managed to delete them..... :(

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ewlcwjfw

*******************

Script file located at: \??\C:\Program Files\syimkgur.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\Toshiba-Driver.exe deleted successfully.
File c:\windows\CanonMonitor.exe deleted successfully.


File c:\windows\Cisco-Utility not found!
Deletion of file c:\windows\Cisco-Utility failed!

Could not process line:
c:\windows\Cisco-Utility
Status: 0xc0000034



File c:\windows\CompaqSensor not found!
Deletion of file c:\windows\CompaqSensor failed!

Could not process line:
c:\windows\CompaqSensor
Status: 0xc0000034



File c:\windows\LexmarkStorage not found!
Deletion of file c:\windows\LexmarkStorage failed!

Could not process line:
c:\windows\LexmarkStorage
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tliceavi

*******************

Script file located at: \??\C:\WINDOWS\oklyypbu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\Toshiba-Driver.exe not found!
Deletion of file c:\windows\Toshiba-Driver.exe failed!

Could not process line:
c:\windows\Toshiba-Driver.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

bReAkDoWn
08-01-2007, 18:37
Here is the Avenger log; not even it managed to delete them..... :(


File c:\windows\Toshiba-Driver.exe deleted successfully.
File c:\windows\CanonMonitor.exe deleted successfully.

It deleted these. Do you mean they were recreated?

These, on the other hand, it did not find at all:

File c:\windows\Cisco-Utility not found!
File c:\windows\CompaqSensor not found!
File c:\windows\LexmarkStorage not found!

Could it be that you left out the .exe extension in the script?

Bye

s4ndstorm
08-01-2007, 18:53
Yes, sorry, I was wrong: it deleted those two, and for the others I didn't put .exe... Thanks a lot, now I'll change antivirus to see if it finds anything....
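The distinction drawn in the replies above (files actually deleted versus script lines that failed with status 0xc0000034 because the name was incomplete), as an added example that is not part of the original thread: a Python triage of Avenger logs. The embedded log is an excerpt of the two logs posted above; the function names, the hint wording and the assumption that the logs are in chronological order are this example's own.

```python
import re
from ntpath import splitext  # Windows path rules on any OS

# NTSTATUS codes a deletion attempt commonly returns.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+) not found!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")

# Excerpt of the two logs posted in the thread (headers and separators trimmed).
SAMPLE = r"""
Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:
File c:\windows\Toshiba-Driver.exe deleted successfully.
File c:\windows\CanonMonitor.exe deleted successfully.
File c:\windows\Cisco-Utility not found!
Deletion of file c:\windows\Cisco-Utility failed!
Could not process line:
c:\windows\Cisco-Utility
Status: 0xc0000034
Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:
File c:\windows\Toshiba-Driver.exe not found!
Deletion of file c:\windows\Toshiba-Driver.exe failed!
Could not process line:
c:\windows\Toshiba-Driver.exe
Status: 0xc0000034
"""


def split_runs(text):
    """Split pasted text into one chunk per Avenger run."""
    parts = re.split(r"(?m)^Logfile of The Avenger.*$", text)
    return [p for p in parts[1:] if p.strip()]


def parse_run(run_text):
    """Return one entry per file named in a run, in log order."""
    entries = {}          # lower-cased path -> entry
    expect_path = False   # True right after "Could not process line:"
    last_failed = None
    for raw in run_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_path:
            expect_path = False
            last_failed = line.lower()
            entries.setdefault(
                last_failed, {"path": line, "outcome": "failed", "status": None})
            continue
        if line == "Could not process line:":
            expect_path = True
            continue
        m = DELETED.match(line)
        if m:
            entries[m["path"].lower()] = {
                "path": m["path"], "outcome": "deleted", "status": None}
            continue
        m = NOT_FOUND.match(line)
        if m:
            entries[m["path"].lower()] = {
                "path": m["path"], "outcome": "not_found", "status": None}
            continue
        m = STATUS.match(line)
        if m and last_failed:
            entries[last_failed]["status"] = int(m["code"], 16)
            last_failed = None
    return list(entries.values())


def review(text):
    """Return (run number, path, outcome, status name, hint) tuples."""
    findings = []
    deleted_before = set()
    for run_no, run in enumerate(split_runs(text), start=1):
        for entry in parse_run(run):
            key = entry["path"].lower()
            code = entry["status"]
            name = None if code is None else NTSTATUS_NAMES.get(code, hex(code))
            hint = ""
            if entry["outcome"] == "deleted":
                deleted_before.add(key)
            elif entry["outcome"] == "not_found":
                if key in deleted_before:
                    hint = "deleted in an earlier run and absent now: not recreated"
                elif not splitext(key)[1]:
                    hint = "script line has no extension: check the exact file name"
                else:
                    hint = "path does not exist: check spelling and location"
            findings.append((run_no, entry["path"], entry["outcome"], name, hint))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```
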