Rustbfix mi dice:
************************* Rustock.b-fix -- By ejvindh *************************
20/02/2007 15.30.15,60
No Rustock.b-rootkits found
******************************* End of Logfile ********************************
Ho poi controllato con HijackThis se fosse presente uno dei file da te elencati, ma non ho trovato nulla. Fortunatamente sono riuscito a eliminare il profilo di Windows in più che si era creato!
Ecco i report da te richiesti:
Per il primo report devo dire che la casella ADS era già selezionata.
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-20 19:17:50
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwClose
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwUnloadKey
---- Kernel code sections - GMER 1.0.12 ----
.text USBPORT.SYS!DllUnload F636A62C 5 Bytes JMP 865AA970
---- User code sections - GMER 1.0.12 ----
.text C:\Programmi\Softwin\BitDefender9\bdoesrv.exe[288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Softwin\BitDefender9\bdswitch.exe[304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[388] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A3090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\RTHDCPL.exe[432] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[648] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1156] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\iPod\bin\iPodService.exe[1300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\nvsvc32.exe[1552] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003C3090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Fede\Desktop\Zavagli\gmer.exe[2456] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D21D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 865A91D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867D41D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8659D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_PNP 857C41D8
Device \Driver\00000030 \Device\00000049 IRP_MJ_POWER [F7420DB6] sptd.sys
Device \Driver\00000030 \Device\00000049 IRP_MJ_SYSTEM_CONTROL [F743673C] sptd.sys
Device \Driver\00000030 \Device\00000049 IRP_MJ_PNP [F742F77E] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867701D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 865911D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8676F1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 857C41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 865A91D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_PNP 867D31D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 8659D1D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 867D31D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85EED1D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 867D31D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85EED1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867701D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_CREATE 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_CLOSE 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_DEVICE_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_INTERNAL_DEVICE_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_POWER 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_SYSTEM_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_PNP 863241D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8576A2D8
---- Files - GMER 1.0.12 ----
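ADS C:\WINDOWS\system32:lzx32.sys
[Nota del revisore: uno stream alternativo (ADS) chiamato lzx32.sys sulla cartella system32 è l'artefatto tipico del driver di Rustock.B. Il dato non concorda con l'esito "No Rustock.b-rootkits found" di Rustbfix riportato sopra: potrebbe essere un residuo inattivo oppure un'infezione non rilevata, quindi va verificato prima di considerare pulito il sistema.]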
---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12027 -
http://www.gmer.net
Autostart scan 2007-02-20 19:18:42
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
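Windows@AppInit_DLLs = sockspy.dll
[Nota del revisore: le DLL elencate in AppInit_DLLs vengono caricate in ogni processo che carica user32.dll; qui il valore coincide con la DLL verso cui puntano gli hook su LoadLibraryA nella sezione "User code sections" dello stesso log. Conviene verificare provenienza e firma di C:\WINDOWS\system32\sockspy.dll.]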
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
CCALib8 /*Canon Camera Access Library 8*/@ = C:\Programmi\Canon\CAL\CALMAIN.exe
LIVESRV /*BitDefender Desktop Update Service*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
VSSERV /*BitDefender Virus Shield*/@ = "C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BDMCon"C:\Programmi\Softwin\BitDefender9\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
@BDOESRV"C:\Programmi\Softwin\BitDefender9\bdoesrv.exe" = "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
@BDNewsAgent"C:\Programmi\Softwin\BitDefender9\bdnagent.exe" = "C:\Programmi\Softwin\BitDefender9\bdnagent.exe"
@BDSwitchAgent"C:\Programmi\Softwin\BitDefender9\bdswitch.exe" = "C:\Programmi\Softwin\BitDefender9\bdswitch.exe"
@NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
@D-Link AirPlus G"C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" = "C:\Programmi\D-Link\AirPlus G\AirGCFG.exe"
@ANIWZCS2Service"C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" = "C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
@NvMediaCenter"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@NeroFilterCheck"C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" = "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"C:\PROGRA~1\MICROS~3\wcescomm.exe" = "C:\PROGRA~1\MICROS~3\wcescomm.exe"
@Steam"C:\Programmi\Steam\Steam.exe" -silent = "C:\Programmi\Steam\Steam.exe" -silent
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MICROS~3\Wcesview.dll = C:\PROGRA~1\MICROS~3\Wcesview.dll
@{B9E1D2CB-CCFF-4A