03-01-2007, 11:47   #1
s4ndstorm
Junior Member
Joined: Dec 2005
Posts: 12
How the heck do I remove it... help

Hi everyone, it's been a while since I was last on the forum....
I have a problem with winzozz, as usual. I installed Opera in place of Internet Explorer, and I recommend it because it's very fast (for anyone still on Explorer). Anyway, my problem is that every so often while I'm browsing, the program itself (Opera.exe) calls dwwin.exe (I think it's Dr. Watson). ZoneAlarm flags it, of course, but if I choose allow it errors out and closes, and if I choose deny the browser closes all the same...

However, I noticed that in the c:\WINDOWS folder the antivirus finds a lot of files (viruses or malware, I don't know) of the type win32/wadspeld.Z that it can't delete because they are loaded in memory (I tried manually). Of course the files are hidden behind apparently harmless names like Toshiba-Driver.exe...

What should I do? There's nothing on the net about this type... HELP
03-01-2007, 11:50   #2
c.m.g
Senior Member
Joined: Mar 2006
Posts: 22114
Which AV do you have? Try running an online scan with Kaspersky and BitDefender.
__________________
This work is distributed under the terms of a Creative Commons license unless otherwise indicated. Anyone wishing to quote the content of this post must include the original link.
03-01-2007, 11:52   #3
black92
Senior Member
Joined: Nov 2006
Location: Monza (MI)
Posts: 3329
Quote:
Originally posted by c.m.g
Which AV do you have? Try running an online scan with Kaspersky and BitDefender.
From what I can see you're in fairly bad shape; get yourself an antivirus and removal tools. In the meantime I'll wait to hear which software you use for security.
__________________
CM Haf 932 Advanced | EVGA Supernova 750 G5 | Asus ROG Maximus X Hero | i7 8700k @ 4.8 cooled by Noctua NH-D15 | G.Skill DDR4 Trident Z RGB 2x8GB @ 4133 MHz 1,45v | Asus ROG STRIX GTX 1080 Ti OC | Samsung 970 EvoPlus 500GB | Samsung 840 Pro 128 GB | WD Caviar Blue 1TB | AOC 24G2U/BK | Corsair K70 (CMX Red ) | Logitech G-Pro Wireless | Fnatic FOCUS V2 | HyperX Cloud II | Win 10 Pro X64 | Vodafone FTTH 1000/200
Toshiba L50-A-1EL + Samsung 830 128 GB
03-01-2007, 12:48   #4
s4ndstorm
Junior Member
Joined: Dec 2005
Posts: 12
I use ZoneAlarm Security Suite, updated every day, and Spybot Search and Destroy, constantly updated and with the resident protection turned on...


PS) Which removal tool should I use, given that if I search for wadspeld on Google it finds almost nothing...

PPS) I tried rebooting into safe mode to see whether I could delete the suspicious files manually, but they seemed to be loaded in memory, since it wouldn't let me delete them. I opened Task Manager to see whether there was some strange process to kill, but there was only the essential stuff.... No idea where on earth they are running... I don't understand any of it
03-01-2007, 17:27   #5
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
You could download gmer (http://www.majorgeeks.com/download.php?det=5198) and run two scans, rootkit and autostart, then copy the results (gmer has a copy button for this) and paste them into a message here on the forum. Make sure that in both scans the "show all" option is NOT selected, and leave all the other options as they are. Finally, during the rootkit scan do not use the PC, and try to close all open applications.
Once we see those logs we will be able to tell you exactly where to intervene.
__________________
Without Contraries is no Progression...

Last edited by bReAkDoWn: 03-01-2007 at 17:31.
03-01-2007, 19:36   #6
wizard1993
Senior Member
Joined: Apr 2006
Posts: 22462
and an antivirus more powerful than CA's
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it
04-01-2007, 01:54   #7
s4ndstorm
Junior Member
Joined: Dec 2005
Posts: 12
To wizard1993: meaning? Isn't ZoneAlarm any good? I'm not installing Norton...

AUTOSTART



GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 01:51:08
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp",
Windows@AppInit_DLLs = \\?\C:\WINDOWS\com6.obv

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Autodesk Licensing Service /*Autodesk Licensing Service*/@ = "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"
mi-raysat_3dsmax8 /*RaySat_3dsmax8 Server*/@ = C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SolidWorks SolidNetWork License Manager /*SolidWorks SolidNetWork License Manager*/@ = C:\Programmi\SolidWorks\CRACK\lmgrd.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
YRQs /*YRQs*/@ = "C:\Programmi\File comuni\System\QnZ.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NWEReboot /*file not found*/ = /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\AcDwfThmbPrxy16.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}C:\WINDOWS\cakai1.dll = C:\WINDOWS\cakai1.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\system32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000006@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll
000000000007@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000008@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000009@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000024@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025@PackedCatalogItem = C:\WINDOWS\system32\imslsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = DSLMON.lnk

---- EOF - GMER 1.0.12 ----
04-01-2007, 09:38   #8
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
There are signs of a LinkOptimizer infection. Manual removal is advisable. So you should download The Avenger from here: http://swandog46.geekstogo.com/avenger.zip
Run it, select "input script manually", click the magnifying glass, copy the script into the window, click Done, click the green traffic light and answer yes. The PC will be restarted. Once it has restarted, a log will appear in Notepad; copy it and post it on the forum. If it doesn't appear, try looking for it in the c:\avenger folder (or e:\avenger, f:\avenger, depending on where Windows is installed).

Script to copy:

Quote:
registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\com6.obv
C:\Programmi\File comuni\System\QnZ.exe
C:\WINDOWS\cakai1.dll
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp

registry keys to delete:
HKLM\system\controlset003\services\YRQs
HKLM\system\controlset002\services\YRQs
HKLM\system\controlset001\services\YRQs
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}

After the restart, run HijackThis (www.merijn.org), select "Do a system scan only", tick the line that starts with F2 and contains c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp", and press "Fix checked".

You could also run a scan with this: http://securityresponse.symantec.com...FixLinkopt.exe , running it with Windows in safe mode.

Finally, to check the result of the cleanup, you can rerun the autostart scan, and also the rootkit scan, with gmer and copy the result to the forum.
__________________
Without Contraries is no Progression...
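
An added example, not part of bReAkDoWn's post and not GMER's or The Avenger's own logic: a small Python triage pass over GMER autostart output that flags the kinds of entries singled out in the post above (an extra program in Winlogon Userinit, a DLL in AppInit_DLLs, a Browser Helper Object loaded from the Windows root). The rule names and heuristics are assumptions chosen for illustration, the sample lines are copied from the logs in this thread, and the YRQs service entry is not covered because spotting it takes an analyst's judgement rather than a path rule.

```python
import ntpath
import re

# Constructed sample: lines copied from the GMER autostart logs posted in this
# thread (the last line is the clean Userinit value from the second log).
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\docume~1\s4ndst~1\impost~1\temp\40.tmp",
Windows@AppInit_DLLs = \\?\C:\WINDOWS\com6.obv

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{7D6FA9B2-C561-45E1-F818-43071CB7A6FA}C:\WINDOWS\cakai1.dll = C:\WINDOWS\cakai1.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
"""

# CON, PRN, AUX, NUL, COM1-9 and LPT1-9 are reserved DOS device names. A file
# with such a base name is normally reachable only through the \\?\ prefix,
# so ordinary tools may fail to open or delete it.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.I)


def parse_entries(log):
    """Yield (full_key, data) for every 'name = data' line of an autostart log.

    A line ending in '>>>' opens a section; the entries below it are relative
    to that key. Lines starting with HK already carry their full key.
    """
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith(">>>"):
            section = line[:-3].strip()
            continue
        if " = " not in line:
            continue
        left, data = line.split(" = ", 1)
        full = left if left.upper().startswith("HK") else section + left
        yield full, data


def paths_in(data):
    """Split a comma-separated value into unquoted, non-empty paths."""
    parts = (p.strip().strip('"') for p in data.split(","))
    return [p for p in parts if p]


def triage(log):
    """Return a list of (rule, path) findings; a hit means 'review this'."""
    findings = []
    for key, data in parse_entries(log):
        k = key.lower()
        paths = paths_in(data)
        if k.endswith("winlogon@userinit"):
            # Anything besides userinit.exe in this value runs at every logon.
            for p in paths:
                if ntpath.basename(p).lower() != "userinit.exe":
                    findings.append(("userinit-extra-program", p))
        elif k.endswith("windows@appinit_dlls"):
            # Listed DLLs load into every process that loads user32.dll.
            # Security products use this value too, so every entry is
            # reported for review rather than treated as malicious.
            for p in paths:
                findings.append(("appinit-dll-review", p))
        elif "browser helper objects" in k:
            # Assumed heuristic: a BHO sitting directly in the Windows root.
            for p in paths:
                if re.fullmatch(r"[a-z]:\\windows", ntpath.dirname(p), re.I):
                    findings.append(("bho-in-windows-root", p))
        # Applies to any entry: raw-path prefix or reserved device name.
        for p in paths:
            stem = ntpath.splitext(ntpath.basename(p))[0]
            if p.startswith("\\\\?\\") or RESERVED.match(stem):
                findings.append(("raw-or-reserved-path", p))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:24} {path}")
```

A hit is a prompt for review, not a verdict: the AppInit_DLLs rule also fires on the Kaspersky entry in the second log posted in this thread.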
04-01-2007, 11:03   #9
c.m.g
Senior Member
Joined: Mar 2006
Posts: 22114
To be safe, could you interpret my gmer log too?

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-04 11:02:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT pxfsf.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT pxfsf.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT pxfsf.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP A9B99760 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP A9B99C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, F8, 68, BA, 83, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ B5, F8, 68, BA, BF, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 12 Bytes [ DD, F8, 68, BA, E7, F8, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23F4 805010F8 24 Bytes [ FB, F8, 68, BA, 05, F9, 68, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 37, F9, 68, BA, 41, F9, 68, ... ]
.text ...
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540ABA 7 Bytes JMP A9B9CCD0 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE33B46 7C9DE9F8 4 Bytes [ 04, 03, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE33B56 7C9DEA08 4 Bytes [ 00, 04, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34A96 7C9DF948 4 Bytes [ 54, 04, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34AB2 7C9DF964 4 Bytes [ 82, 03, F4, 00 ]
.text C:\WINDOWS\explorer.exe[484] SHELL32.dll!StrStrW + FFE34AC6 7C9DF978 4 Bytes [ 58, 03, F4, 00 ]

---- Threads - GMER 1.0.12 ----

Thread 4:176 8A5CAA20
Thread 4:180 8A5AAC60
Thread 4:184 8A5AAC60
Thread 4:412 8A5CAA20
Thread 4:476 8A5CAA20
Thread 4:3444 884AD5B0

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] CBD8DCED4A898C431C10FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B5559DB7CE019D40AA5C68DA28F9B1B06CCDF15704AD89ED03C182A24ED363F6DE445E08F05784CDE4D4715FF84426350FC906033CE0A88CD2887A190B90D677229C959C7493C15E7412E34E920A23BBDC2B24E0F5CDD935395EC980911DE60CE9A58627BC908DD31E23EBC2CD66F286AE8E1BA4B115D75B86727ECBA73D60F29DC51E767C5965D88444FA0763C961CC7F21FAB8532FE1DE2F0AECA27B8E11DB4AF4148EC8CD498AECC1469D727A413AEDA71BB92063B91B4A7DABDD1E7DCC6CA2C15DA69A21BEFBC27E47B9FC90E7EC3C79957AC5CF275A9439168C024D6CBD794C39A9CEDC4E3112EF3AC469792EF7D2024980D167F25CED3D4AF181164ADCC9492537A75A83A50D22A15902F47463BABFD68339EFED57599CAC045842C64AAD83E6A3CBCA70480BB1414B759899A824C6A572D281E8F07E01E4EC250F46FBE8D885F5C131A8780452239B57CB0438E1BCDFEE598B3C46ABA65D0CEE90AE5ADEB74D6AF7E6458E184915851B4D9D746A5EF2CEEB4FC1E7CDDDC3721DAD6D4298A750EEC11662D48671A6F39D2CD3B458FA119A8F62D7D8FA0B8D69FB21708443C15FA8513F2286B7392E081D4E994

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS C:\Programmi\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4

---- EOF - GMER 1.0.12 ----


autostart:

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 11:02:47
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent@DLLName = Ati2evxx.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc /*Acronis Scheduler2 Service*/@ = "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
AVP /*Kaspersky Internet Security 6.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
btwdins /*Bluetooth Service*/@ = C:\Programmi\Software Bluetooth\bin\btwdins.exe
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe" /*file not found*/
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Acronis?True?Image Monitor(null) =
@Acronis Scheduler2 Service"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" = "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
@REGSHAVEC:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN = C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
@HPHmon04C:\WINDOWS\system32\hphmon04.exe = C:\WINDOWS\system32\hphmon04.exe
@OmnipageC:\Programmi\ScanSoft\OmniPageSE\opware32.exe = C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
@LVCOMSXC:\WINDOWS\system32\LVCOMSX.EXE = C:\WINDOWS\system32\LVCOMSX.EXE
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@Babylon ClientC:\Programmi\Babylon\Babylon.exe -AutoStart = C:\Programmi\Babylon\Babylon.exe -AutoStart
@Motive SmartBridgeC:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" = "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
@CnxDslTaskBar"C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" = "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@Pinnacle WebUpdater"C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles = "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
@PMCRemoteC:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@AVP"C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@AudioHQUC:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE = C:\Programmi\Creative\SBLive\AudioHQ\AHQTBU.EXE
@PrevxOne"C:\Programmi\Prevx1\PXConsole.exe" = "C:\Programmi\Prevx1\PXConsole.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
@LogitechSoftwareUpdateC:\Programmi\Logitech\Video\ManifestEngine.exe boot = C:\Programmi\Logitech\Video\ManifestEngine.exe boot
@PMCS"C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
@SUPERAntiSpywareC:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\BTNEIG~1.DLL = C:\WINDOWS\system32\BTNEIG~1.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} /*OODefrag*/C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} = C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll = C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{A5366673-E8CA-11D3-9CD9-0090271D075B}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A887298-BC2E-42EA-9F76-A597293A834B} /*Connessione 1394*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk
Exif Launcher.lnk = Exif Launcher.lnk

---- EOF - GMER 1.0.12 ----


thanks
__________________
This work is distributed under the terms of a Creative Commons license unless otherwise indicated. Anyone wishing to quote the content of this post must include the original link.
Old 06-01-2007, 13:11   #10
s4ndstorm
Junior Member
 
Joined: Dec 2005
Posts: 12
Sorry for the delay, here it is:
PS: in the prompt after the reboot I saw for a moment that it couldn't find some files such as C:/Reboot.exe; anyway, I'm posting the log:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xdtpimwp

*******************

Script file located at: \??\C:\Program Files\inhmcubq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\com6.obv deleted successfully.
File C:\Programmi\File comuni\System\QnZ.exe deleted successfully.
File C:\WINDOWS\cakai1.dll deleted successfully.


File c:\docume~1\s4ndst~1\impost~1\temp\40.tmp not found!
Deletion of file c:\docume~1\s4ndst~1\impost~1\temp\40.tmp failed!

Could not process line:
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp
Status: 0xc0000034



Registry key HKLM\system\controlset003\services\YRQs not found!
Deletion of registry key HKLM\system\controlset003\services\YRQs failed!

Could not process line:
HKLM\system\controlset003\services\YRQs
Status: 0xc0000034

Registry key HKLM\system\controlset002\services\YRQs deleted successfully.
Registry key HKLM\system\controlset001\services\YRQs deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA} deleted successfully.

Completed script processing.
Old 06-01-2007, 14:59   #11
bReAkDoWn
Senior Member
 
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
The removal with The Avenger was successful. The rootkit should be inactive. If you want confirmation, redo the logs with gmer.
It is very likely that inactive, harmless traces of the virus have remained on the system; you can run a scan with an antivirus.
Finally, try looking inside programmi\file comuni\system, file comuni\services and file comuni\microsoft shared for files with random names shown in green. You can delete all of those, manually or with this http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
if you can't manage it manually.
You can also delete the fake user with the random name via Start menu -> Run -> LUSRMGR.MSC
If in doubt, just ask.
__________________
Without Contraries is no Progression...
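How the "failed" entries in the Avenger log above fit with that reading, as an added example that is not part of the original posts: it classifies each script target from the action lines posted in this thread and treats NTSTATUS 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) as "already absent" rather than as a failed removal. The function names and outcome labels are assumptions of this example, not output of The Avenger.

```python
import re

# Action lines copied from the Avenger log posted in this thread.
AVENGER_LOG = r"""
File C:\WINDOWS\com6.obv deleted successfully.
File C:\Programmi\File comuni\System\QnZ.exe deleted successfully.
File C:\WINDOWS\cakai1.dll deleted successfully.

File c:\docume~1\s4ndst~1\impost~1\temp\40.tmp not found!
Deletion of file c:\docume~1\s4ndst~1\impost~1\temp\40.tmp failed!

Could not process line:
c:\docume~1\s4ndst~1\impost~1\temp\40.tmp
Status: 0xc0000034

Registry key HKLM\system\controlset003\services\YRQs not found!
Deletion of registry key HKLM\system\controlset003\services\YRQs failed!

Could not process line:
HKLM\system\controlset003\services\YRQs
Status: 0xc0000034

Registry key HKLM\system\controlset002\services\YRQs deleted successfully.
Registry key HKLM\system\controlset001\services\YRQs deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6FA9B2-C561-45E1-F818-43071CB7A6FA} deleted successfully.

Completed script processing.
"""

# NTSTATUS values meaning the object was not there when the script ran.
ABSENT_STATUSES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
# Statuses meaning the object exists but could not be touched.
BLOCKED_STATUSES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

SUCCESS_RE = re.compile(
    r"^(File|Registry key|Registry value) (.+?) "
    r"(deleted|replaced with dummy) successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def triage(log_text):
    """Return one dict per script target: target, outcome, status name."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    results = []
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        ok = SUCCESS_RE.match(line)
        if ok:
            outcome = "removed" if ok.group(3) == "deleted" else "neutralized"
            results.append({"target": ok.group(2), "outcome": outcome,
                            "status": None})
            continue
        if line != "Could not process line:":
            # "... not found!" / "... failed!" lines carry no status code;
            # the "Could not process line:" block that follows does.
            continue
        # Block layout: marker, target, "Status: 0x........".
        target = lines[i] if i < len(lines) else "<truncated>"
        st = STATUS_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        i += 2 if st else 1
        code = int(st.group(1), 16) if st else None
        if code in ABSENT_STATUSES:
            outcome, name = "absent", ABSENT_STATUSES[code]
        else:
            outcome = "needs_follow_up"
            name = BLOCKED_STATUSES.get(
                code, st.group(1) if st else "missing status")
        results.append({"target": target, "outcome": outcome, "status": name})
    return results


def summarize(results):
    """Count outcomes and list the targets that still need attention."""
    counts = {}
    for r in results:
        counts[r["outcome"]] = counts.get(r["outcome"], 0) + 1
    pending = [r["target"] for r in results
               if r["outcome"] == "needs_follow_up"]
    return counts, pending


if __name__ == "__main__":
    res = triage(AVENGER_LOG)
    for r in res:
        print(f'{r["outcome"]:<16}{r["status"] or "-":<30}{r["target"]}')
    print(summarize(res))
```

Any target that ends up in the `needs_follow_up` list (for example a status such as 0xc0000022) is still present on disk or in the registry and should be checked again in a fresh GMER scan.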
Old 06-01-2007, 15:11   #12
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
And who is recommending Norton to you? On the contrary... I say that the CA scan engine used by Zone Labs in its security suite literally embarrasses itself compared to engines such as those of AntiVir, Kaspersky, BitDefender or McAfee. So much so that Zone Labs has decided to switch to the Kaspersky engine, which is much more efficient. These are results that came out of tests; I didn't make them up.
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls it zaps it, if it flutters it kills it
Old 07-01-2007, 03:26   #13
s4ndstorm
Junior Member
 
Iscritto dal: Dec 2005
Messaggi: 12
grazie a tutti dei consigli purtroppo però i file infetti .exe su c:WINDOWS (quelli con falsi nomi di driver rimangono) e penso siano quelli che causano problemi con opera e altre applicazioni... ora proverò a navigare e vedere se mi richiama dwwin.exe ma penso che continui a farlo....

x wizard1993: Grazie dei consigli quindi mi consigli di cambiare antivirus? o visto che zone alarm utilizza il motore di kaspersky di tenermelo??
Old 07-01-2007, 11:24   #14
bReAkDoWn
Senior Member
 
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
The gmer rootkit log is still missing, though; so far you have only sent the autostart one.
Generate both again so we can see the complete picture; maybe there was something else besides what we removed. Finally, could you list some names of the infected files present in windows and, if the antivirus recognises them as infected, also report the name of the detected virus?
__________________
Without Contraries is no Progression...
Old 07-01-2007, 11:31   #15
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
Quote:
Originally posted by s4ndstorm
Thanks everyone for the advice; unfortunately, though, the infected .exe files in c:WINDOWS (the ones with fake driver names) remain, and I think they are the ones causing problems with Opera and other applications... now I'll try browsing and see whether it calls dwwin.exe again, but I think it will keep doing so....

To wizard1993: Thanks for the advice, so do you recommend I change antivirus? Or, since ZoneAlarm uses the Kaspersky engine, should I keep it??
ZoneAlarm will use Kasper; version 7 hasn't come out yet
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls it zaps it, if it flutters it kills it
Old 07-01-2007, 14:56   #16
s4ndstorm
Junior Member
 
Joined: Dec 2005
Posts: 12
Here it is, I hadn't noticed...


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-07 14:55:31
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.12 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SHUTDOWN 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_WRITE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 8621C9A0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 8621C9A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86298AB8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 8606ACF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 8606ACF0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8629F680
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 8606FEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 8606FEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8658A550
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8658A688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8658A688
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86043030
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85F00EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85F00EB0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85E0B030

---- System - GMER 1.0.12 ----

INT 0x0E \SystemRoot\System32\DRIVERS\haspnt.sys BAC32FC2
INT 0x06 \SystemRoot\System32\DRIVERS\haspnt.sys BAC3316D

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver

---- Modules - GMER 1.0.12 ----

Module _________ F7310000

---- Files - GMER 1.0.12 ----


SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 805010EC 8 Bytes [ 60, 77, 4C, F4, 80, 79, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 80, 01, 4B, F4, 30, 93, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805011B4 8 Bytes [ C0, D9, 4A, F4, F0, 94, 4C, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 26EC 805013F0 8 Bytes [ 30, D8, 4A, F4, B0, 90, 3D, ... ]

---- EOF - GMER 1.0.12 ----
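An added example, not part of the thread and not GMER's own code: one way to triage a GMER 1.0.12 log like the one posted above is to group SSDT and INT hooks by the driver that owns them and compare those drivers against what is known to be installed. The `KNOWN_DRIVERS` attributions, the function names and the `example_unknown.sys` line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above. The example_unknown.sys
# line is invented so that the "unknown module" path is exercised.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

INT 0x0E \SystemRoot\System32\DRIVERS\haspnt.sys BAC32FC2

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT d347bus.sys ZwEnumerateKey
SSDT \SystemRoot\System32\drivers\example_unknown.sys ZwQueryDirectoryFile

---- Modules - GMER 1.0.12 ----

Module _________ F7310000

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 805010EC 8 Bytes [ 60, 77, 4C, F4, 80, 79, 4C, ... ]

---- EOF - GMER 1.0.12 ----
"""

# Assumption: drivers the analyst has already attributed to software that is
# installed on the machine. Anything hooking the kernel from outside this
# list is reported for manual review.
KNOWN_DRIVERS = {
    "vsdatant.sys": "ZoneAlarm firewall",
    "d347bus.sys": "Daemon Tools virtual drive",
    "haspnt.sys": "HASP dongle driver",
}

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+((?:Zw|Nt)\w+)$")
INT_RE = re.compile(r"^INT\s+(0x[0-9A-Fa-f]{2})\s+(.+?)\s+([0-9A-Fa-f]{8})$")
MODULE_RE = re.compile(r"^Module\s+(.+?)\s+([0-9A-Fa-f]{8})$")


def module_name(path):
    """Reduce a driver path to its lowercased file name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Collect SSDT hooks, INT hooks and module entries from a GMER log."""
    ssdt = defaultdict(list)
    parsed = {"sections": [], "int": [], "modules": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            parsed["sections"].append(m.group(1))
            continue
        m = SSDT_RE.match(line)
        if m:
            ssdt[module_name(m.group(1))].append(m.group(2))
            continue
        m = INT_RE.match(line)
        if m:
            parsed["int"].append((m.group(1), module_name(m.group(2)), m.group(3)))
            continue
        m = MODULE_RE.match(line)
        if m:
            parsed["modules"].append((m.group(1), m.group(2)))
    parsed["ssdt"] = dict(ssdt)
    return parsed


def triage(parsed, known):
    """Return the entries that still need a human decision."""
    findings = []
    for mod, funcs in sorted(parsed["ssdt"].items()):
        if mod not in known:
            findings.append(("ssdt-hook-unknown-module", mod, tuple(funcs)))
    for vector, mod, _addr in parsed["int"]:
        if mod not in known:
            findings.append(("int-hook-unknown-module", mod, (vector,)))
    for name, addr in parsed["modules"]:
        if not name.strip("_"):  # name consists only of underscores
            findings.append(("module-without-name", addr, ()))
    return findings


if __name__ == "__main__":
    result = parse_gmer(SAMPLE_LOG)
    for module, functions in sorted(result["ssdt"].items()):
        owner = KNOWN_DRIVERS.get(module, "UNKNOWN")
        print(f"{module:22} {len(functions):2} SSDT hooks  ({owner})")
    for finding in triage(result, KNOWN_DRIVERS):
        print("review:", finding)
```

A hook owned by a listed driver is only as trustworthy as the attribution itself, so the file on disk should still be checked (path, signature, vendor) before an entry goes into the list.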
Old 07-01-2007, 15:02   #17
s4ndstorm
Junior Member
Joined: Dec 2005
Posts: 12
Ah, I forgot... the suspicious files are the ones I described in the first post...
Old 07-01-2007, 15:21   #18
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
I don't see any active rootkits.
There's probably very little left... tell me one thing: have these files in Windows always stayed the same but can't be deleted, or do they seem to change in name and number from reboot to reboot, or in any case over time?
__________________
Without Contraries is no Progression...
Old 08-01-2007, 00:05   #19
s4ndstorm
Junior Member
Joined: Dec 2005
Posts: 12
It's the first case: they are always the same, but if I try to delete them it won't let me, exactly as if they were loaded in memory...

Anyway, I noticed something strange: when I try to delete them, the "Are you sure you want to delete... etc." window doesn't appear right away; the PC spends one or two seconds loading, as if the process that prevents the deletion were starting up.

Also, sometimes when I select them, a ZoneAlarm window opens with the name of that file, telling me that it is a virus of type win32/wadspeld.Z but that it cannot delete it....
Old 08-01-2007, 09:31   #20
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
Try deleting them, to see whether they get recreated.
You have already used The Avenger; use the simple script below, adding the names of the other files to delete, each with its full path, so c:\windows\filename


Files to delete:
c:\windows\Toshiba-Driver.exe
__________________
Without Contraries is no Progression...

