View Full Version : Win32:dialer-1060


slucc
27-10-2007, 23:52
Hello... I'm asking for your help because on my PC too, at startup, avast reports Win32:dialer-1060(trj) a full 3 times.
I tried avast in safe mode, Ad-Aware and a-squared, but the problem persists. I've read other posts and I think my HiJackThis log will be useful to you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.51.45, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.781\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159128200864
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photocity.it/areaclienti/inviafoto/ImageUploader4.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=6db12c5e4975014b4741511e18f30e75/aff=t_agi_wg/p/release/sonypictures/wg_davincicode/davincicode/DVCDownloadControl.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 9811 bytes




I hope I did the right thing; I don't know this software, which is why I'm asking for your help! (Suggestions about other possibly "suspicious" programs are also welcome...)
Thank you so much.... Simona

juninho85
28-10-2007, 01:01
Needed:
1) gmer log
2) findawf log
3) hijackthis log with startup list

slucc
28-10-2007, 01:13
Sorry for the question, but how do I make the hijack log with the startup list?:mc:

juninho85
28-10-2007, 01:16
You click on generate startup list log

slucc
28-10-2007, 01:19
Sorry for my ignorance....:doh: here it is:

StartupList report, 28/10/2007, 1.19.06
StartupList version: 1.52.2
Started from : C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.750\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.969\gmer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.750\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\TATI\Menu Avvio\Programmi\Esecuzione automatica]
Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus D68 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
OODefragTray = C:\WINDOWS\system32\oodtray.exe
QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime
Babylon Client = C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
NeroFilterCheck = C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
NBKeyScan = "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
a-squared = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
a-squared Anti-Dialer = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus D68 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
Skype = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
IncrediMail = C:\Programmi\IncrediMail\bin\IncMail.exe /c
Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
Picasa Media Detector = C:\Programmi\Picasa2\PicasaMediaDetector.exe
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Skype add-on (mastermind) - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
(no name) - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Programmi\QuickTime\QTPlugin.ocx
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Programmi\Yahoo!\Common\yinsthelper.dll

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159128200864

[Image Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
CODEBASE = http://www.photocity.it/areaclienti/inviafoto/ImageUploader4.cab

[DVCDownloadControl]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DVCDOW~1.OCX
CODEBASE = http://webgames.d.tmsrv.com/c=6db12c5e4975014b4741511e18f30e75/aff=t_agi_wg/p/release/sonypictures/wg_davincicode/davincicode/DVCDownloadControl.cab

[Photodex Presenter AX control]
InProcServer32 = C:\PROGRA~1\PHOTOD~1\pxplay.ocx
CODEBASE = http://www.photodex.com/pxplay.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Aurigma Image Uploader 2.5]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IMAGEU~1.OCX
CODEBASE = http://www.digitalpix.it/controls/ImageUploader2.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Programmi\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\TATI\Cookies\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 9.151 bytes
Report generated in 0,094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Riverside
28-10-2007, 01:20
Hello... I'm asking for your help because on my PC too, at startup, avast reports Win32:dialer-1060(trj) a full 3 times.
I tried avast in safe mode, Ad-Aware and a-squared, but the problem persists. I've read other posts and I think my HiJackThis log will be useful to you

Disable System Restore, and start by fixing these entries:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" –atboottime

O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe –AutoStart

O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=6db12c...oadControl.cab

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB

Then:

install JAVASUN: click here to download (http://www.java.com/it/)

Continue by following Juninho's instructions:
Needed:
1) gmer log
2) findawf log
3) hijackthis log with startup list

GMER:
click here to download (http://www.gmer.net/gmer113.zip)
Anti-rootkit utility able to detect a lot of hidden Windows information

FINDAWF: click here to download (http://www.alground.com/site/modules/mydownloads/visit.php?cid=3&lid=6)
Tool for detecting the BAK directory and for removing Trojan.win32.Obfuscated.dr

Post the GMER and FINDAWF logs in the thread using the Manage Attachments function, and wait for someone to analyse them and suggest how to proceed.
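
Added example, not part of the original thread: a Python sketch for checking, from a later HijackThis log, whether the entries listed for fixing above are really gone. It matches on the Run value name (O4) or the CLSID (O16) rather than the full line, because forum formatting altered the pasted lines (an en dash in place of `-`, a shortened URL); the function names are hypothetical and `LATER_LOG` is a constructed excerpt.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [Name] command" or "O16 - DPF: {CLSID} ...".
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<where>[^:\[]+): \[(?P<name>.*?)\]")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CLSID_KEYED = {"R3", "O2", "O16", "O18"}   # sections identified by a CLSID

# Fix list as it appears in the forum post (note the en dash and the "..." URL).
FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" –atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=6db12c...oadControl.cab
"""

# Constructed later log: the Skype autorun is deliberately left in so that the
# "still present" branch is exercised. It is not the log posted in the thread.
LATER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""


def entry_key(line):
    """Return a stable identity for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # header, process path, blank line...
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:                           # registry autorun: hive/key + value name
            return (code, o4.group("where").strip().upper(), o4.group("name").lower())
    if code in CLSID_KEYED:
        clsid = CLSID_RE.search(body)
        if clsid:                        # the CLSID survives URL truncation
            return (code, clsid.group(0).upper())
    # Fallback: whole body with whitespace and case normalised.
    return (code, " ".join(body.split()).lower())


def parse_log(text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def check_fixes(fix_list, later_log):
    """Split the requested fixes into (removed, still_present) lists of keys."""
    later = parse_log(later_log)
    removed, still_present = [], []
    for key in parse_log(fix_list):
        (still_present if key in later else removed).append(key)
    return removed, still_present


if __name__ == "__main__":
    removed, still_present = check_fixes(FIX_LIST, LATER_LOG)
    for key in removed:
        print("removed:      ", key)
    for key in still_present:
        print("STILL PRESENT:", key)
```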

Riverside
28-10-2007, 01:34
sorry ..... C:\WINDOWS\System32\alg.exe

Do you use the built-in Windows XP firewall?

In any case, also run a scan from here:
BITDEFENDER ONLINE SCANNER click here for the online scan (http://www.bitdefender.com/scan8/ie.html)
● once the page is open, click I AGREE: it will have you download an ActiveX control; follow the wizard.
● post here the Report that is produced

slucc
28-10-2007, 01:36
ok... I've fixed the errors... and now gmer is running, but I think it will take a while.... Tomorrow I'll post the logs...
Thank you so much for the help in the meantime....
Simona

slucc
28-10-2007, 01:38
oops... I'll send you this one.... gmer is churning away.... See you tomorrow

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

slucc
28-10-2007, 01:39
sorry, I only just saw it... yes, the XP firewall is enabled.

Riverside
28-10-2007, 01:41
oops... I'll send you this one....
Ok Simona :flower: welcome to the circle of the damned ;)
The log is clean; you still need to carry on with the rest.
sorry, I only just saw it... yes, the XP firewall is enabled.
Good, at least we're not dealing with another trojan.

slucc
28-10-2007, 01:45
Thanks... as in "abandon all hope, ye who enter here....". Ok
now I'm going to bed.. first thing tomorrow morning I'll send you the gmer log (which I hope has finished) and the bitdefender one. Thanks and good night!:ronf:

Gle89
28-10-2007, 13:04
Simona, any news?

slucc
28-10-2007, 13:19
Hey, thanks, I'm here... last night the PC basically froze.... this morning I turned it back on but avast still reports the dialer. I'm running gmer, then I thought I'd post all the logs again (since I fixed the errors and there was a reboot anyway)... thank you.... PS: is it normal for gmer to take this long? ...it has been analysing a registry entry (I think) for a while now: \registry\USER\S-1-2-21-etc etc....

Gle89
28-10-2007, 13:32
In the meantime, post an HJT log again, go on :D

slucc
28-10-2007, 15:05
So, here are the logs I have ready for now.... one note.. gmer warned me that it has detected rootkit activity....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.59.46, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\TATI\Desktop\SetupProgrammi\ANTIVIRUS\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159128200864
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photocity.it/areaclienti/inviafoto/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8891 bytes

GMER

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-28 14:58:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01022783; RET C:\WINDOWS\syss.dll
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0102242E; RET C:\WINDOWS\syss.dll
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F92E3D4
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 02982783; RET C:\WINDOWS\syss.dll
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0298242E; RET C:\WINDOWS\syss.dll
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F9479D4
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1D, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1404] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01412783; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0141242E; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F9322D4
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, E6 ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, E6 ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92C7D4
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\Programmi\Messenger\msmsgs.exe[1636] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Messenger\msmsgs.exe[1636] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01552783; RET C:\WINDOWS\syss.dll
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0155242E; RET C:\WINDOWS\syss.dll
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F9336D4
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\Programmi\WinRAR\WinRAR.exe[2836] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, DC ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, DC ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92BDD4
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 17, 5F ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 14, 5F ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ 68, 83, 27 ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 02, C3 ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ 68, 2E, 24 ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 02, C3 ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtQuerySystemInformation 7C91E1AA 3 Bytes CALL 3F93E1D4
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtQuerySystemInformation + 4 7C91E1AE 2 Bytes [ 02, C3 ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\WgaTray.exe[3296] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] ws2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\WgaTray.exe[3296] ws2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01232783; RET C:\WINDOWS\syss.dll
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0123242E; RET C:\WINDOWS\syss.dll
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F9304D4
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[3332] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[3332] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[3332] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\service32.exe[3680] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[3680] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\service32.exe[3680] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[3680] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\service32.exe[3680] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\service32.exe[3680] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\service32.exe[3680] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\service32.exe[3680] SHELL32.DLL!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, 92 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, 92 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F9273D4
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, 91 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, 91 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F9272D4
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 011F2783; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 011F242E; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F9300D4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01032783; RET C:\WINDOWS\syss.dll
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0103242E; RET C:\WINDOWS\syss.dll
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F92E4D4
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\oodtray.exe[3936] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\oodtray.exe[3936] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 02042783; RET C:\WINDOWS\syss.dll
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 0204242E; RET C:\WINDOWS\syss.dll
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F93E5D4
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 07, EA, C3, 83 ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, 9F ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, 9F ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F9280D4
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!OpenProcess 7C8309E1 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[4032] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 6 Bytes JMP 5F130F5A

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82340B10

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B9B6BF76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B9B6A812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B9B6A812] aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F87A58E6] aswTdi.SYS

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81EAD5B8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82229B58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81EAD5B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 81FC4848
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 81FC4848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 81EAD5B8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 81EAD5B8
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8206ACA0

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F87A58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F87A58E6] aswTdi.SYS

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82374460
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82374460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82234368
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8221AB40
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_READ 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 82209530
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 82209530
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 8221FF20
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 8221FF20
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 8221FF20
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 8221FF20
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 8221FF20
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82217490

---- Modules - GMER 1.0.13 ----

Module _________ F8450000-F8468000 (98304 bytes)

---- Processes - GMER 1.0.13 ----

Process C:\WINDOWS\service32.exe (*** hidden *** ) 3680

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\6G98D2X74V
Reg \Registry\MACHINE\SOFTWARE\6G98D2X74V@6G98D2X74V 0x41 0xE8 0x7B 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\6G98D2X74V@6G98D2X74V 0x41 0xE8 0x7B 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@6G98D2X74V C:\WINDOWS\service32.exe

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\TATI\Preferiti\PIETRO\Sviluppare un ritratto in digitale :favicon

---- EOF - GMER 1.0.13 ----

slucc
28-10-2007, 15:12
By the way... I can't run the BitDefender online scan because it gives the message "impossibile copiare oscan81.ocx-x"... do I have to do it in safe mode or try some other maneuver?

juninho85
28-10-2007, 18:12
OK, now run Avenger (http://www.megalab.it/articoli.php?id=946) with this script:
Files to delete:
C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\service32.exe
Registry keys to delete:
HKLM\SOFTWARE\6G98D2X74V
Registry values to delete:
HKLM\\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 6G98D2X74V

slucc
28-10-2007, 18:33
:p :D :D :D
I ran Avenger too, and indeed after the reboot I no longer got the avast message about the dialer..... What should I do now? Am I all set? Do you recommend a scan or other programs to use?
.....guys, you have been FANTASTIC...!!!!:ave: :ave: :ave: :friend:
:)

juninho85
28-10-2007, 18:34
Nothing, now you just have to enjoy your PC :D

Actually... if you'd be willing to send me the zipped file contained in c:\avenger by email, I'd be grateful :)

slucc
28-10-2007, 18:38
OK... I'll gladly send it to you.... but can you tell me where to send it? Here on the forum?

juninho85
28-10-2007, 19:04
Thanks Simona, from Simone :D

Still, it's disconcerting how many AVs are still unable to detect and remove the dialcall :muro:
link (http://www.virustotal.com/it/resultado.html?847224fae7e3b7c0fd2c25253104b679)

Riverside
28-10-2007, 22:21
Nothing, now you just have to enjoy your PC :D
Actually... if you'd be willing to send me the zipped file contained in c:\avenger by email, I'd be grateful :)
The usual glutton, you flirt ;) ..... come on Juninho, at least one last Hthis log ..... :D

juninho85
28-10-2007, 22:40
The usual glutton, you flirt ;) ..... come on Juninho, at least one last Hthis log ..... :D
Look, for now I'm only catching trojans and assorted junk, zero damsels :D

Riverside
28-10-2007, 22:56
Look, for now I'm only catching trojans and assorted junk, zero damsels :D
Juni, don't complain .... you're not the only one :( :cry: