Torna indietro   Hardware Upgrade Forum > Networking e sicurezza > Antivirus e Sicurezza > Aiuto sono infetto! Cosa faccio?
Ricarica la Pagina [risolto][WinXP] dialer-1060

ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz
ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz
ASUS ROG Swift OLED PG34WCDN è il primo monitor gaming con pannello QD-OLED Gen 5 a layout RGB Stripe Pixel e 360 Hz su 34 pollici: lo abbiamo misurato con sonde colorimetriche e NVIDIA LDAT. Ecco tutti i dati
Recensione Nothing Phone (4a) Pro: finalmente in alluminio, ma dal design sempre unico
Recensione Nothing Phone (4a) Pro: finalmente in alluminio, ma dal design sempre unico
Nothing Phone (4a) Pro cambia pelle: l'alluminio unibody sostituisce la trasparenza integrale, portando una solidità inedita. Sotto il cofano troviamo uno Snapdragon 7 Gen 4 che spinge forte, mentre il display è quasi da top dig amma. Con un teleobiettivo 3.5x e la Glyph Matrix evoluta, è la prova di maturità di Carl Pei. C'è qualche compromesso, ma a 499EUR la sostanza hardware e la sua unicità lo rendono un buon "flagship killer" in salsa 2026
WoW: Midnight, Blizzard mette il primo, storico mattone per l'housing e molto altro
WoW: Midnight, Blizzard mette il primo, storico mattone per l'housing e molto altro
Con Midnight, Blizzard tenta il colpaccio: il player housing sbarca finalmente su Azeroth insieme a una Quel'Thalas ricostruita da zero. Tra il dramma della famiglia Ventolesto e il nuovo Prey System, ecco com'è la nuova espansione di World of Warcraft
Secondo Elon Musk FSD è più sicuro degli umani, secondo Tesla invece no!
Anche Cloudflare fissa il 2029 per la sicurezza post-quantistica completa: cosa è cambiato nelle ultime settimane
Hacker sfruttano da mesi un bug segreto in Adobe Reader: nessuna patch disponibile, a rischio tutti gli utenti
ASUSTOR Lockerstor 24R Pro Gen2: 24 bay e doppia connessione 10 GbE
Rigetti supera la soglia dei 100 qubit: arriva Cepheus-1-108Q con 108 qubit superconduttori
eFootball raggiunge il miliardo di download: Konami festeggia con Ronaldinho e il ritorno della Master League
Come provare OpenClaw facilmente grazie ai VPS di Aruba Cloud
Microsoft conferma: questo glitch dell'orologio su Windows non verrà mai risolto
Toyota bZ7: una berlina da oltre 5 metri che in Cina costa poco più di una Panda base
Artemis II, le prime foto del lato nascosto della Luna diventano wallpaper per lo smartphone
Sempre più pubblicità su YouTube: arrivano le interruzioni non skippabili da 90 secondi
Tutti gli articoli Tutte le news

Vai al Forum
Pagina 1 di 2 1 2 >
Rispondi
 
Strumenti
Old 29-10-2007, 14:27   #1
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
[risolto][WinXP] dialer-1060
non riesco a rimuovere il virus segnalatomi da avast: win32ialer-1060 [Trj]. Come posso fare? C'è qualche buona anima che mi aiuta?

Ecco il post di Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.25.56, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\63333ad491217f94e6aa7ae6a3835252\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57B49C9B-5257-49EC-AE27-61BBD5258BCC}: NameServer = 193.70.192.25,212.216.112.112
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe

--
End of file - 7903 bytes
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 14:34   #2
BEY0ND
Senior Member
 
L'Avatar di BEY0ND
 
Iscritto dal: Apr 2007
Messaggi: 2306
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe

dovrebbe essere questa da fixare,aspetta cmq qualcun'altro per confermare
BEY0ND è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 14:36   #3
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Originariamente inviato da BEY0ND Guarda i messaggi
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe

dovrebbe essere questa da fixare,aspetta cmq qualcun'altro per confermare
confermo
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 14:40   #4
BEY0ND
Senior Member
 
L'Avatar di BEY0ND
 
Iscritto dal: Apr 2007
Messaggi: 2306
Quote:
Originariamente inviato da Chill-Out Guarda i messaggi
confermo
puntuale come sempre chill-out
BEY0ND è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 14:46   #5
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Originariamente inviato da BEY0ND Guarda i messaggi
puntuale come sempre chill-out
faccio quel che posso
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 14:51   #6
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Inoltre:

Disattiva il Ripristino configurazione di sistema ovvero procedi in questa maniera:
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di Sistema
spunta la voce Disattiva ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi Ok
Deve rimanere disattivato fino a quando abbiamo appurato che non hai più problemi

Scarica CCleaner per la pulizia dei file temporanei da qui: http://www.filehippo.com/download/83...b540/download/
installalo senza la toolbar di Yahoo, lancialo, clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore" e avvia la pulizia.

Scarica a-squared free da qui: http://www.emsisoft.it/it/software/download/installalo, lancialo, aggiornalo e fagli fare una "Deep scan"

Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.ph...015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati

Scarica SysClean da qui: http://it.trendmicro-europe.com/file...c/sysclean.com per praticità salvalo sul DeskTop in un cartella che chiamerai SysClean
Scarica le definizioni dei virus da qui: http://it.trendmicro-europe.com/ente...rt/pattern.php scompatta all'interno della cartella creata il file compresso contenente le definizioni
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post

Al termine riposta un log di HJT

Ciao
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 15:18   #7
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
Quote:
Originariamente inviato da Chill-Out Guarda i messaggi
Inoltre:

Disattiva il Ripristino configurazione di sistema ovvero procedi in questa maniera:
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di Sistema
spunta la voce Disattiva ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi Ok
Deve rimanere disattivato fino a quando abbiamo appurato che non hai più problemi

Scarica CCleaner per la pulizia dei file temporanei da qui: http://www.filehippo.com/download/83...b540/download/
installalo senza la toolbar di Yahoo, lancialo, clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore" e avvia la pulizia.

Scarica a-squared free da qui: http://www.emsisoft.it/it/software/download/installalo, lancialo, aggiornalo e fagli fare una "Deep scan"

Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.ph...015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati

Scarica SysClean da qui: http://it.trendmicro-europe.com/file...c/sysclean.com per praticità salvalo sul DeskTop in un cartella che chiamerai SysClean
Scarica le definizioni dei virus da qui: http://it.trendmicro-europe.com/ente...rt/pattern.php scompatta all'interno della cartella creata il file compresso contenente le definizioni
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post

Al termine riposta un log di HJT

Ciao
Ok, ma mi ci vuole un po' di tempo perché la mia zona non è coperta dalla banda larga.
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 15:21   #8
Gle89
Senior Member
 
L'Avatar di Gle89
 
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
Non ti preoccupare, non c'è nessuna furia. Ti aspettiamo qui
Gle89 è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 16:33   #9
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
oltre al svchost dovresti avere almeno una dll,più un altro .exe
posta un log di gmer
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 16:46   #10
Riverside
Bannato
 
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
Quote:
Originariamente inviato da juninho85 Guarda i messaggi
oltre al svchost dovresti avere almeno una dll,più un altro .exe posta un log di gmer
Non solo: sempre lasciando il Ripristino configurazione di sistema disattivato (e lascialo cosi fino a quando non sarà risolto il problema) e, per ora, senza fixare nulla con Hthis, oltre a quello che ti è già stato suggerito in precedenza, procedi in questo modo:

pulire gli ADS:
● rilancia HTHIS
● clicca sulla voce Open the Misc Tool section
● clicca su Open ADS Spy
● clicca su Scan
● se venissero rilevati ADS spunta tutte le caselline e clicca su Remove Selected

PANDA ANTIROOTKIT: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)

ELISTARTA TOOL: clicca qui per il download
per scaricare il tool scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA
● per comodità, posizionalo su Desktop
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt
● clicca su Risorse del Computer, poi su Disco Locale C:
●trovi il log e lo alleghi alla discussione
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita

BITDEFENDER ONLINE SCANNER
● esegui una scansione online da: clicca qui per lo scan online
● una volta aperta la pagina, clicca I AGREE: ti farà scaricare un activex, tu segui la procedura guidata.
● fai sapere se e cosa viene rilevato e rimosso (pubblica il Report che verrà rilasciato).

aggiorna INTERNET EXPLORER:
clicca qui per il download

da aggiornare JAVASUN (hai una versione vecchia di circa di 2 anni):
Start
Panello di Controllo (se non viene visualizzato in modalità classica, in alto a sinistra clicca sulla voce passa alla visualizzazione classica)
● clicca sulla icona Java per accedere al suo Pannello di controllo
● clicca sulla scheda Aggiornamento e poi sul pulsante Aggiorna adesso

Al termine, posta un nuovo log di Hthis.
Ultima modifica di Riverside : 29-10-2007 alle 16:48.
Riverside è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 19:21   #11
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
[quote=Chill-Out;19373420]Inoltre:


Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.ph...015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati

Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE

Non riesco però a rimuoverlo perché il cleanup è a pagamento; solo la scansione è free.
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 20:52   #12
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
[quote=Mozzonic;19378954]
Quote:
Originariamente inviato da Chill-Out Guarda i messaggi
Inoltre:


Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.ph...015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati

Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE

Non riesco però a rimuoverlo perché il cleanup è a pagamento; solo la scansione è free.
si, eventumlmente possiamo scaricare la trial di prevx, vorrei vedere prima il log di sysclean ed un altro log di HJT, grazie.
__________________
Try again and you will be luckier.
Ultima modifica di Chill-Out : 29-10-2007 alle 21:17.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 29-10-2007, 21:55   #13
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
Quote:
Originariamente inviato da juninho85 Guarda i messaggi
oltre al svchost dovresti avere almeno una dll,più un altro .exe
posta un log di gmer
Quote:
Originariamente inviato da Mozzonic Guarda i messaggi
Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE
CVD
se magari mi postassi questo benedetto log...
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 17:16   #14
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post

Al termine riposta un log di HJT

Ecco il log di Sysclean:

2007-10-30, 16:59:55, Auto-clean mode specified.
2007-10-30, 16:59:55, Running scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\TSC.BIN"...
2007-10-30, 17:02:45, Scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\TSC.BIN" has finished running.
2007-10-30, 17:02:45, TSC Log:

2007-10-30, 17:03:11, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2007-10-30, 18:02:41, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean

43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean

Success Clean [ JAVA_BYTEVER.AY]( 1) from C:\Documents and Settings\PAOLO\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-24badb9f-225c3b73.zip,(Baaaaa.class)
43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40 58 minutes 57 seconds (3537.52 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean

43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40 58 minutes 57 seconds (3537.52 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN" has finished running.

Inoltre il log di HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.14.08, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57B49C9B-5257-49EC-AE27-61BBD5258BCC}: NameServer = 193.70.192.25,212.216.112.112
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

--
End of file - 7754 bytes

Grazie e fammi sapere. Ciao
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 18:14   #15
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
Quote:
Originariamente inviato da juninho85 Guarda i messaggi
CVD
se magari mi postassi questo benedetto log...
Eccolo:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-30 19:12:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT a347bus.sys ZwCreatePagingFile
SSDT pxfsf.sys ZwCreatePort
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT a347bus.sys ZwSetSystemPowerState
SSDT pxfsf.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!_abnormal_termination + D7 804E2DA8 24 Bytes [ 79, 08, 51, F8, 83, 08, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 32 Bytes [ B5, 08, 51, F8, BF, 08, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 24 Bytes [ FB, 08, 51, F8, 05, 09, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [ A5, 09, 51, F8, AF, 09, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 31F 804E2FF0 1 Byte [ 6D ]
.text ...
.text tcpip.sys!IPTransmit + 10B7 F8135CFA 6 Bytes CALL F842AE50 Teefer.sys
.text tcpip.sys!IPTransmit + 24D9 F813711C 6 Bytes CALL F842AE50 Teefer.sys
.text tcpip.sys!IPTransmit + 4662 F81392A5 6 Bytes CALL F842AE50 Teefer.sys

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programmi\Spyware Doctor\SDTrayApp.exe[1932] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ 6B, 90, C3, 83 ]

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82E896B0

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F8569454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F851BF56] pxfsf.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 828B0030

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS

Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS

Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82D0DC08
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82C53FB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82D0DC08
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 82D1F258
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82D0DC08
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 828AE490

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82C72740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82C72740
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82CD2E40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82C7A800
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_READ 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 82F59008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 828B0030

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F8569454] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F851BF56] pxfsf.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82ACA2E8

---- Modules - GMER 1.0.13 ----

Module _________ F8591000-F85A9000 (98304 bytes)

---- EOF - GMER 1.0.13 ----
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 18:56   #16
Mozzonic
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 21
[quote=Riverside;19375815]Non solo: sempre lasciando il Ripristino configurazione di sistema disattivato (e lascialo cosi fino a quando non sarà risolto il problema) e, per ora, senza fixare nulla con Hthis, oltre a quello che ti è già stato suggerito in precedenza, procedi in questo modo:

pulire gli ADS:
● rilancia HTHIS
● clicca sulla voce Open the Misc Tool section
● clicca su Open ADS Spy
● clicca su Scan
● se venissero rilevati ADS spunta tutte le caselline e clicca su Remove Selected

PANDA ANTIROOTKIT: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)

ELISTARTA TOOL: clicca qui per il download
per scaricare il tool scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA
● per comodità, posizionalo su Desktop
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt
● clicca su Risorse del Computer, poi su Disco Locale C:
●trovi il log e lo alleghi alla discussione
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita

Fatto fino a qui. Ecco il log di elistarta:

Tue Oct 30 19:44:50 2007
EliStartPage v14.94 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminados Ficheros Temporales del IE

Tue Oct 30 19:45:03 2007
EliStartPage v14.94 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\PAOLO\Desktop\backup\EDILCLIMA PROGRAMMI\Centrali\ISPDATA.DLL --> Eliminado, AdWare.Agent.BN
C:\EDILCL~1\Centrali\ISPDATA.DLL --> Eliminado, AdWare.Agent.BN

Nº Total de Directorios: 3625
Nº Total de Ficheros: 42977
Nº de Ficheros Analizados: 11993
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
Mozzonic è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 19:43   #17
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
...e fin qui tutto ok.
ora scansiona,sempre con gmer,SOLO spuntanto "files" e "registry"
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 19:47   #18
Riverside
Bannato
 
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
Non si capisce più nulla
Quote:
Originariamente inviato da Mozzonic Guarda i messaggi
Inoltre il log di HJT
E’ rimasto questo problema da risolvere, per ora (non lo toccare, per nessuna ragione):

O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe

da questo momento, tutti i log e/o report che ti verranno richiesti devono:
● se il relativo txt generato è max 20 kb, deve essere allegato alla discussione, utilizzando l'apposita funzione Gestisci Allegati;
● se superiore a 20 kb, hostati su Zshare clicca qui per raggiungere ZShare, pubblicando, nella discussione, il link che verrà rilasciato per il download.

Ora prosegui in questa maniera:

COMBO FIX: clicca qui per il download
● completata la prima fase della scansione il sistema verrà riavviato automaticamente
● dopo il rivvio verrà creato un Report in Risorse del Computer - Disco Locale C:
il Report, lo alleghi alla discussione.

poi, come ti ha chiesto Juninho (anche se lo hai già fatto):
Quote:
Originariamente inviato da juninho85 Guarda i messaggi
posta un log di gmer
ripeti uno scan con Gmer, ed alleghi il log che verrà rilasciato.

Utima cosa: quanto posti, non hai bisogno di quotare i nostri interventi: ti devi semplicemente limitare a postare quello che ti viene richiesto e se hai qualche dubbio, chiedere chiarimenti.
Riverside è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 20:39   #19
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Non si capisce più nulla
come ti capisco, ieri sera stavo uscendo pazzo
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 30-10-2007, 22:55   #20
xcdegasp
Senior Member
 
L'Avatar di xcdegasp
 
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
Per chi non lo sapesse e non si fosse interessato:
http://www.hwupgrade.it/forum/showthread.php?t=1589984

provvedere immediatamente a mettersi in regola!!
xcdegasp è offline   Rispondi citando il messaggio o parte di esso
Pagina 1 di 2 1 2 >
 Rispondi

« Discussione precedente | Discussione successiva »

ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz ASUS ROG Swift OLED PG34WCDN recensione: il prim...
Recensione Nothing Phone (4a) Pro: finalmente in alluminio, ma dal design sempre unico Recensione Nothing Phone (4a) Pro: finalmente in...
WoW: Midnight, Blizzard mette il primo, storico mattone per l'housing e molto altro WoW: Midnight, Blizzard mette il primo, storico ...
Ecovacs Goat O1200 LiDAR Pro: la prova del robot tagliaerba con tagliabordi integrato Ecovacs Goat O1200 LiDAR Pro: la prova del robot...
Recensione Samsung Galaxy S26+: sfida l'Ultra, ma ha senso di esistere? Recensione Samsung Galaxy S26+: sfida l'Ultra, m...
Secondo Elon Musk FSD è più...
Anche Cloudflare fissa il 2029 per la si...
Hacker sfruttano da mesi un bug segreto ...
ASUSTOR Lockerstor 24R Pro Gen2: 24 bay ...
Rigetti supera la soglia dei 100 qubit: ...
eFootball raggiunge il miliardo di downl...
Come provare OpenClaw facilmente grazie ...
Microsoft conferma: questo glitch dell'o...
Toyota bZ7: una berlina da oltre 5 metri...
Artemis II, le prime foto del lato nasco...
Sempre più pubblicità su YouTube: arriva...
Polestar fa +80% in Italia e tocca quota...
Il tuo Mac smette di connettersi a Inter...
La nuova alleanza Intel-Google ridefinis...
Energia troppo cara, regole da rivedere:...
Chromium
GPU-Z
OCCT
LibreOffice Portable
Opera One Portable
Opera One 106
CCleaner Portable
CCleaner Standard
Cpu-Z
Driver NVIDIA GeForce 546.65 WHQL
SmartFTP
Trillian
Google Chrome Portable
Google Chrome 120
VirtualBox
Tutti gli articoli Tutte le news Tutti i download

Strumenti

Regole
Non Puoi aprire nuove discussioni
Non Puoi rispondere ai messaggi
Non Puoi allegare file
Non Puoi modificare i tuoi messaggi
Il codice vB è On
Le Faccine sono On
Il codice [IMG] è On
Il codice HTML è Off
Vai al Forum


Tutti gli orari sono GMT +1. Ora sono le: 05:36.

Contattaci - Hardware Upgrade - Archivio - Note sulla Privacy - Su

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
Served by www3v