wqlh168.com - new worm?


xplorer87
29-12-2007, 21:41
Hi guys, today I discovered that something sent emails about this supposed site ("Hello, act immediately !") from my mailbox to all my contacts, obviously without my consent. Google doesn't seem to know anything about it; I think it's a new worm that spreads via MSN. I have no idea how I caught it, especially since I use NOD32 and Spybot, both up to date, of course.

Ideas? Advice? The PC appears clean, and the HijackThis scan is OK.

wizard1993
29-12-2007, 22:04
The removal guide is at the top of the section for the procedure; be sure to post all the relevant logs.

xplorer87
29-12-2007, 22:26
So, as I said, the HijackThis log is clean:

Logfile of HijackThis v1.99.1
Scan saved at 22.14.52, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\CCleaner\ccleaner.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 216.107.242.199 l2authd.lineage2.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165355099984
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F973C40-B6C8-49A7-ABDF-2E1B1AFF8593}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




MSNFix is flagged by NOD32 as infected with Win32/PrcView (false positive?); in the meantime I'm leaving it on hold for a bit.

The LiveKill log is also clean (except that it flagged another log txt file in C:\, unusually large at 1.5 MB, as a virus, which in reality it wasn't):

sabato 29 dicembre 2007 22.25.23 build 1256

Microsoft Windows XP Professional(it-IT)
479 Mo (RAM)
Last DataBase update : 1.610
C:\Programmi\LiveKillCleanMessenger
NORMAL MODE

There is not any virus on your computer !

Riverside
29-12-2007, 22:35
There is no specific connection between a problem caused by the Hotmail mailbox and MSN Messenger, even though the mail client and the messaging client are closely linked and related.
Ultimately, I can rule out a priori an infection picked up through the instant messaging client.
Besides, you are not the first to report, on the forum, cases of unwanted messages being sent from Hotmail.
It would be worth contacting the MSN Hotmail HelpDesk service to get clarification on the matter.
I wouldn't know what else to suggest.

wizard1993
29-12-2007, 22:36
scan with gmer

xplorer87
30-12-2007, 01:14
gmer scan:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-30 01:00:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text USBPORT.SYS!DllUnload F60D962C 5 Bytes JMP 84D47868
? System32\Drivers\af21a1p8.SYS Impossibile trovare il file specificato.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F73A197E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73A192A] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BCB4E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73A197E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F738DAB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738DBFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F738DB7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F738E728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F738E5FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A0C5A] sptd.sys

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 84CC51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 84CC51E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 84F971E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 84F971E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_CREATE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_CLOSE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_POWER 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 IRP_MJ_PNP 850051E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_CREATE 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_CLOSE 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_DEVICE_CONTROL 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_POWER 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_SYSTEM_CONTROL 84F951E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_PNP 84F951E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_CREATE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_CLOSE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_INTERNAL_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_POWER 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_SYSTEM_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1 IRP_MJ_PNP 850051E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_CREATE 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_CLOSE 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_DEVICE_CONTROL 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_INTERNAL_DEVICE_CONTROL 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_POWER 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_SYSTEM_CONTROL 84C9A1E8
Device \Driver\af21a1p8 \Device\Scsi\af21a1p81 IRP_MJ_PNP 84C9A1E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_CREATE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_CLOSE 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_POWER 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_SYSTEM_CONTROL 850051E8
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 IRP_MJ_PNP 850051E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 84686980
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 84686980

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B9346FE2] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B9346BEC] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B93473D4] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B934767A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B934767A] amon.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 84DA9558
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 84DA9558

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected

---- EOF - GMER 1.0.13 ----


I think it's an MSN worm simply because a friend of mine has a worm that, every half hour or so, spams the classic file transfer requests, "here's my new pic, u think i look ugly?" and nonsense like that. Obviously I never accepted any of it, and I blocked him as a precaution :s

I don't know if it's a widespread problem; I'll send an email to the Hotmail people and we'll see what comes of it.