Old 23-10-2007, 15:22   #1
marconun
Member
 
Joined: Oct 2007
Posts: 73
Win32:Dialer-1060 [Trj]

hi guys, I need help
since yesterday I've had this problem
every time I start an internet connection avast finds this Win32:Dialer-1060 [Trj]
I can't remove it, can you help me by recommending suitable programs and/or procedures to follow???
I should mention that I've already used Spybot Search & Destroy but it didn't work
thanks for the help
Old 23-10-2007, 16:09   #2
juninho85
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28983
post the logs from HijackThis, GMER and FindAWF
Old 23-10-2007, 19:58   #3
marconun
Member
 
Joined: Oct 2007
Posts: 73
this is the HijackThis log, but I don't understand any of it, I haven't the faintest idea what it is
tell me something

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.56.32, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\bak\bak\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Anti-Dialer\a2adwizard.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 81.19.209.21 L2authd.lineage2.com
O1 - Hosts: 81.19.209.21 L2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190218479109
O17 - HKLM\System\CCS\Services\Tcpip\..\{5172B27B-724D-4770-8196-5B01D31B2F65}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B162D37D-86D7-4E7F-959A-65641A968C54}: NameServer = 213.205.36.70 213.205.32.70
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7650 bytes
Old 23-10-2007, 20:41   #4
juninho85
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28983
Quote:
Originally posted by juninho85
post the logs from HijackThis, GMER and FindAWF
.
Old 23-10-2007, 21:13   #5
marconun
Member
 
Joined: Oct 2007
Posts: 73
this is the FindAWF log
I'll post the other one shortly

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\MICROS~3\BAK

15/11/2005 20.35 1.204.224 wcescomm.exe
1 File 1.204.224 byte
2 Directory 89.836.867.584 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
3 Directory 89.836.867.584 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.00 15.360 ctfmon.exe
13/07/2003 02.49 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 89.836.863.488 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

06/09/2007 12.06 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 89.836.863.488 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

14/07/2007 13.33 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 89.836.863.488 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

29/09/2007 20.53 1.838.592 GoogleDesktop.exe
1 File 1.838.592 byte
2 Directory 89.836.863.488 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK

11/08/2007 12.48 282.624 qttask.exe
1 File 282.624 byte
2 Directory 89.836.863.488 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D04C-6F98

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 89.836.863.488 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1204224 15 Nov 2005 "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe"
282624 11 Aug 2007 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 13 Jul 2003 "C:\WINDOWS\system32\bak\NeroCheck.exe"
155648 13 Jul 2003 "D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe"
79224 6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
52272 29 Jun 2007 "C:\Programmi\Google\googletoolbar2user.exe"
1831472 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe"
138168 29 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 14 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
14879120 9 Dec 2006 "D:\Marco\GoogleEarthWin.exe"
11635064 7 Sep 2005 "D:\Marco\programmi\GoogleEarthPlus.exe"
52272 29 Jun 2007 "C:\Programmi\Google\googletoolbar2user.exe"
1831472 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe"
138168 29 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 14 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1838592 29 Sep 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1838592 6 Oct 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
14879120 9 Dec 2006 "D:\Marco\GoogleEarthWin.exe"
11635064 7 Sep 2005 "D:\Marco\programmi\GoogleEarthPlus.exe"
282624 11 Aug 2007 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
32881 13 Feb 2006 "C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe"


end of report
Old 23-10-2007, 21:27   #6
marconun
Member
 
Joined: Oct 2007
Posts: 73
here's the last one
let me know what I can do, I'm going crazy

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-23 21:13:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, DC ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, DC ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92BDD4
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 17, 5F ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 14, 5F ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[184] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 17, 5F ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 14, 5F ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\programmi\softwin\bitdefender8\bdnagent.exe[272] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[428] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 021E2783; RET C:\WINDOWS\syss.dll
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[428] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 021E242E; RET C:\WINDOWS\syss.dll
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[428] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F93FFD4
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[428] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 3EDE8C11
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, B1 ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, B1 ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F9292D4
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[480] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[480] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[480] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[480] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[480] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[480] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F130F5A
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, CD ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, CD ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92AED4
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[596] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F130F5A
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, EF ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, EF ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92D0D4
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe[612] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, 83, 27, D2 ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 2E, 24, D2 ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes CALL 3F92B3D4
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1492] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1492] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1492] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[1492] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!connect 71A3406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!listen 71A388D3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\service32.exe[1956] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[1956] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\service32.exe[1956] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[1956] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\service32.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\service32.exe[1956] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\service32.exe[1956] kernel32.dll!OpenProcess 7C81E079 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\service32.exe[1956] SHELL32.DLL!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\service32.exe[1956] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\service32.exe[1956] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\service32.exe[1956] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1964] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 011E2783; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1964] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 011E242E; RET C:\WINDOWS\syss.dll
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1964] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes CALL 3F92FFD4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1964] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1964] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 20, 5F ]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82078898
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8206E300
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8206E300
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8206E300
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81E1FC88

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86362C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86362C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F86368E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F86368E6] aswTdi.SYS

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81C78560
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81C78560
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8207AF28
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81E21408
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82079F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82079F00
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 81CBFB30
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 81CBFB30
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 81CBFB30
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 81CBFB30
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 81CBFB30
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82157E90
marconun è offline   Rispondi citando il messaggio o parte di esso
Old 23-10-2007, 21:30   #7
marconun
Member
 
Joined: Oct 2007
Posts: 73
I can't post the GMER log, it's too big, it's 135 pages in Word.. is it really that essential?
Old 23-10-2007, 21:31   #8
marconun
Member
 
Joined: Oct 2007
Posts: 73
Code:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-23 21:31:14
Windows 5.1.2600 Service Pack 2


AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                         [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE              [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                          [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                           [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                          [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION              [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                       [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                         [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                  [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION       [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION         [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL              [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL            [B9ACBF76] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                 [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL        [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                       [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                   [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                        [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT                [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                 [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                   [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_POWER                          [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL                 [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE                  [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                    [B9ACA812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                      [B9ACA812] aswMon2.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                        [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_READ                         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                        [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL          [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL      [F86362C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL                 [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY                 [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_POWER                        [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA                  [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_READ                        [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL     [F86362C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_POWER                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA                 [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA                   [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_READ                        [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_WRITE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL     [F86362C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY                [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_POWER                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA                 [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA                   [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_READ                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA                  [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA                    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION  [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION    [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL         [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL   [F86362C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN                  [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                   [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT           [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY              [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_POWER                     [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL            [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE             [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA               [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA                 [F86368E6] aswTdi.SYS

Device          \FileSystem\Ntfs \Ntfs IRP_MJ_READ                           82396270

---- Modules - GMER 1.0.13 ----

Module          _________                                                    F8453000-F846B000 (98304 bytes)

---- Processes - GMER 1.0.13 ----

Process         C:\WINDOWS\service32.exe (*** hidden *** )                   1956                             

---- System - GMER 1.0.13 ----

SSDT            d347bus.sys                                                  ZwEnumerateKey
SSDT            d347bus.sys                                                  ZwEnumerateValueKey

---- EOF - GMER 1.0.13 ----

Last edited by xcdegasp: 24-10-2007 at 13:01.
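A GMER log of this shape is mostly one row per IRP major function, which is why it runs to so many pages. The following added example (not part of the thread and not GMER's own tooling) collapses those rows into one entry per device and owner, and pulls out the hidden-process, SSDT and module rows; the `triage` helper and the embedded excerpt are constructed for illustration, and the patterns cover only the row formats visible in the log above.

```python
import re
from collections import defaultdict

# Constructed excerpt: reuses the row formats and a few values of the
# GMER 1.0.13 log posted above; it is not the complete log.
SAMPLE_LOG = r"""
GMER 1.0.13.12551 - http://www.gmer.net
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                      [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                       [F86368E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL     [F86362C0] aswTdi.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                         [B9ACA812] aswMon2.SYS
Device          \FileSystem\Ntfs \Ntfs IRP_MJ_READ                           82396270

---- Modules - GMER 1.0.13 ----

Module          _________                                                    F8453000-F846B000 (98304 bytes)

---- Processes - GMER 1.0.13 ----

Process         C:\WINDOWS\service32.exe (*** hidden *** )                   1956

---- System - GMER 1.0.13 ----

SSDT            d347bus.sys                                                  ZwEnumerateKey
SSDT            d347bus.sys                                                  ZwEnumerateValueKey
"""

# Patterns for the row formats seen in the posted log only (assumption:
# other GMER versions or sections may print rows these do not match).
IRP_ROW = re.compile(
    r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+"
    r"(?:\[([0-9A-Fa-f]{8})\]\s+(\S+)|([0-9A-Fa-f]{8}))$")
HIDDEN_PROC = re.compile(r"^Process\s+(.+?)\s+\(\*\*\* hidden \*\*\* ?\)\s+(\d+)$")
SSDT_ROW = re.compile(r"^SSDT\s+(\S+)\s+((?:Zw|Nt)\w+)$")
MODULE_ROW = re.compile(
    r"^Module\s+(\S+)\s+([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})\s+\((\d+) bytes\)$")
SKIP_PREFIXES = ("----", "GMER ", "Rootkit scan", "Windows ")


def triage(log_text):
    """Summarise a GMER text log: one entry per (kind, driver, device, owner)
    instead of one row per IRP, plus hidden processes, SSDT rows, modules."""
    groups = defaultdict(lambda: {"irps": 0, "handlers": set()})
    hidden, modules, unparsed = [], [], []
    ssdt = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = IRP_ROW.match(line)
        if m:
            kind, driver, device, _irp, addr, owner, bare = m.groups()
            # owner is None when the row gives an address but no module name
            entry = groups[(kind, driver, device, owner)]
            entry["irps"] += 1
            entry["handlers"].add((addr or bare).upper())
            continue
        m = HIDDEN_PROC.match(line)
        if m:
            hidden.append((m.group(1), int(m.group(2))))
            continue
        m = SSDT_ROW.match(line)
        if m:
            ssdt[m.group(1)].append(m.group(2))
            continue
        m = MODULE_ROW.match(line)
        if m:
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            size = int(m.group(4))
            modules.append({"name": m.group(1), "start": start, "end": end,
                            "size": size,
                            "range_matches_size": end - start == size,
                            "name_is_blank": set(m.group(1)) == {"_"}})
            continue
        unparsed.append(line)  # never drop a row silently
    device_groups = [
        {"kind": k[0], "driver": k[1], "device": k[2], "owner": k[3],
         "irps": v["irps"], "handlers": sorted(v["handlers"])}
        for k, v in sorted(groups.items(),
                           key=lambda kv: tuple(x or "" for x in kv[0]))]
    return {"hidden_processes": hidden, "ssdt": dict(ssdt),
            "modules": modules, "device_groups": device_groups,
            "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, pid in report["hidden_processes"]:
        print(f"hidden process  pid={pid}  {path}")
    for module, functions in report["ssdt"].items():
        print(f"SSDT rows       {module}: {', '.join(functions)}")
    for mod in report["modules"]:
        print(f"module          {mod['name']}  {mod['size']} bytes")
    for g in report["device_groups"]:
        owner = g["owner"] or "(no module name in row)"
        print(f"{g['kind']:<15} {g['driver']} {g['device']}  "
              f"{g['irps']} IRPs -> {owner} {g['handlers']}")
```
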
Old 23-10-2007, 22:25   #9
juninho85
Banned
 
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28983
perfect (so to speak), you have 2 of them:
1) disable System Restore
2) run Avenger with the following script
Quote:
Files to remove:
C:\WINDOWS\service32.exe
C:\WINDOWS\syss.dll
C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Files to move:
C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe | C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\QuickTime\bak\bak\qttask.exe | C:\Programmi\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe | C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe
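The Avenger log posted later in this thread rejects one of these lines with "file move operations must be within volumes", and two sources in the script appear on more than one line. A pre-flight check for the "Files to move:" section, added here as an example (it is not part of the post or of The Avenger): `check_moves` is a hypothetical helper, it assumes a drive letter identifies a volume and that a move leaves nothing at the source, and the sample script is constructed from the headers and a few paths above with a placeholder `D:\` destination.

```python
import ntpath

# Constructed script: the two section headers and the C:\ paths come from the
# script quoted above; the D:\ destination is a shortened placeholder and the
# last line is deliberately malformed.
SAMPLE_SCRIPT = r"""Files to remove:
C:\WINDOWS\service32.exe
Files to move:
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | D:\Example\NeroCheck.exe
C:\Programmi\QuickTime\bak\qttask.exe
"""

MOVE_HEADER = "files to move:"


def check_moves(script_text):
    """Return (line_number, problem) pairs for the 'Files to move:' section."""
    findings = []
    seen_sources = {}   # normalised source path -> line that first moved it
    in_moves = False
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # A header ends with ':' and contains no path separator.
        if line.endswith(":") and "\\" not in line:
            in_moves = line.lower() == MOVE_HEADER
            continue
        if not in_moves:
            continue
        if line.count("|") != 1:
            findings.append((lineno, "expected 'source | destination'"))
            continue
        src, dst = (part.strip() for part in line.split("|"))
        src_drive = ntpath.splitdrive(src)[0].upper()
        dst_drive = ntpath.splitdrive(dst)[0].upper()
        if not src_drive or not dst_drive:
            findings.append((lineno, "path without a drive letter"))
        elif src_drive != dst_drive:
            # Matches the failure the log reports for the C:\ -> D:\ line.
            findings.append(
                (lineno, f"cross-volume move {src_drive} -> {dst_drive}"))
        key = ntpath.normcase(src)
        if key in seen_sources:
            # Assumption: the earlier move left no file at this source.
            findings.append(
                (lineno, f"source already moved on line {seen_sources[key]}"))
        else:
            seen_sources[key] = lineno
    return findings


if __name__ == "__main__":
    for lineno, problem in check_moves(SAMPLE_SCRIPT):
        print(f"line {lineno}: {problem}")
```
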
Old 24-10-2007, 12:27   #10
marconun
Member
 
Joined: Oct 2007
Posts: 73
the Win32 dialer still shows up, what can I do??? it always appears when I connect
can I re-enable System Restore?
Old 24-10-2007, 12:34   #11
juninho85
Banned

Joined: Mar 2004
Location: Galapagos Warning: flatulent user, bear it in mind
Posts: 28983
post the Avenger logs
Old 24-10-2007, 12:48   #12
marconun
Member
 
Joined: Oct 2007
Posts: 73
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vbaxymor

*******************

Script file located at: \??\C:\WINDOWS\system32\yogxfjaa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\bak\qttask.exe|C:\Programmi\QuickTime\bak\qttask.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.

Error: file move operations must be within volumes.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe
Status: 0xc000003e

File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe|C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe completed successfully.


File C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe not found!
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe failed!

Could not process line:
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe
Status: 0xc0000034


Completed script processing.
Old 24-10-2007, 16:10   #13
juninho85
Banned

Joined: Mar 2004
Location: Galapagos Warning: flatulent user, bear it in mind
Posts: 28983
try again with this:
Quote:
Files to replace with dummy:
C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe
D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe
and please, do not remove the backups created by Avenger.
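Added example (not part of the thread, and not the helper's or the tool author's code): a small Python parser that pulls the failed operations out of an Avenger log like the one posted above, names the two NTSTATUS codes it reports, and lists the failed targets in the form of the follow-up script in the reply above. The sample log is a constructed excerpt (the D:\ path is shortened), and the function names are hypothetical.

```python
import re

# NTSTATUS codes seen in the posted log, with their names from ntstatus.h.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
                  0xC000003E: "STATUS_DATA_ERROR"}

# Constructed excerpt modelled on the posted log (the D:\ path is shortened).
SAMPLE_LOG = r"""
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
Error: file move operations must be within volumes.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Example\NeroCheck.exe failed!
Could not process line:
C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Example\NeroCheck.exe
Status: 0xc000003e
File C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe not found!
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe failed!
Could not process line:
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe
Status: 0xc0000034
Completed script processing.
"""

def failed_operations(log_text):
    """Return one dict per 'Could not process line:' block in an Avenger log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    failures, reason = [], None
    for i, ln in enumerate(lines):
        if ln.startswith("Error:") or ln.endswith("not found!"):
            reason = ln  # explanation the tool prints just before the failure
        elif ln == "Could not process line:" and i + 2 < len(lines):
            source, _, target = lines[i + 1].partition("|")
            m = re.fullmatch(r"Status: (0x[0-9a-fA-F]{8})", lines[i + 2])
            code = int(m.group(1), 16) if m else None
            failures.append({"source": source, "target": target, "status": code,
                             "name": NTSTATUS_NAMES.get(code, "unknown"),
                             "reason": reason})
            reason = None
    return failures

def dummy_script(failures):
    """Format the failed targets like the follow-up script in the reply above."""
    return "\n".join(["Files to replace with dummy:"] + [f["target"] for f in failures])

if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print(f"{f['name']:<30} {f['target']}  ({f['reason']})")
    print(dummy_script(failed_operations(SAMPLE_LOG)))
```

For 0xc000003e the log's own "Error:" line (moves must stay within one volume) explains the failure better than the generic status name, which is why the parser keeps that line next to the code.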
Old 24-10-2007, 17:27   #14
xcdegasp
Senior Member
 
Joined: Nov 2001
Location: Fidenza (PR), from Trento
Posts: 27479
Quote:
Originally posted by marconun
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vbaxymor

*******************

Script file located at: \??\C:\WINDOWS\system32\yogxfjaa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\bak\qttask.exe|C:\Programmi\QuickTime\bak\qttask.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.

Error: file move operations must be within volumes.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\NeroCheck.exe|D:\Marco\programmi\Nuova cartella\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe
Status: 0xc000003e


File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe|C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe completed successfully.


File C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe not found!
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe failed!

Could not process line:
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Finale 2007\Component Files\Java\jre\bin\jusched.exe
Status: 0xc0000034


Completed script processing.
I'm sorry, but rules are rules, and warez (cracks, serials, etc.) is not tolerated.
3-day suspension
Old 24-10-2007, 17:31   #15
juninho85
Banned

Joined: Mar 2004
Location: Galapagos Warning: flatulent user, bear it in mind
Posts: 28983
I hadn't even noticed
Old 24-10-2007, 17:36   #16
xcdegasp
Senior Member
 
Joined: Nov 2001
Location: Fidenza (PR), from Trento
Posts: 27479
nothing escapes the sieve
Old 27-10-2007, 18:50   #17
marconun
Member
 
Joined: Oct 2007
Posts: 73
so now you won't help me anymore???
Old 28-10-2007, 01:02   #18
juninho85
Banned

Joined: Mar 2004
Location: Galapagos Warning: flatulent user, bear it in mind
Posts: 28983
is the problem still there?!
Old 28-10-2007, 10:56   #19
marconun
Member
 
Joined: Oct 2007
Posts: 73
yes, every time I connect.
Old 28-10-2007, 11:01   #20
marconun
Member
 
Joined: Oct 2007
Posts: 73
here is the screen that appears
Attached images
File Type: gif eccoasd ridotto.GIF (10.3 KB, 5 views)