| Precedente :: Successivo |
| Autore |
Messaggio |
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
 Inviato: 06 Lug 2006 16:39 Oggetto: Variante Trojan agent?!!? |
 |
|
Come da accordi posto i log dei vari porgrammi:
Hackjack log:
Logfile of HijackThis v1.99.1
Scan saved at 16.29.02, on 06/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Diskeeper\DkService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
L:\Programmi utili\HiJackThis\HijackThis.exe
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programmi\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Tau Monitor] C:\Programmi\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Re&Get Deluxe - C:\Programmi\File comuni\ReGet Shared\CC_Link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://selfcare.rossoalice.virgilio.it
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe |
|
| Top |
|
 |
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 16:43 Oggetto: Log adspy hack jack |
|
|
C:\WINDOWS\pss\win.ini.backup : s1 (4 bytes)
C:\WINDOWS\win.tmp : s1 (4 bytes)
E:\quark xpress\jaws\ttfont\TNG,Monitors,Plain : .ps (83 bytes)
E:\quark xpress\jaws\ttfont\TNG-Monitors-Plain : .ps (83 bytes)
E:\quark xpress\jaws\ttfont\TNGMonitorsPlain : .ps (81 bytes) |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 16:51 Oggetto: log silentrunners |
|
|
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AWMON" = ""C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PRONoMgr.exe" = "C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe" ["Intel(R) Corporation"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Outpost Firewall" = "C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Acrobat Assistant 7.0" = ""C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = "C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"DAEMON Tools-1033" = ""C:\Programmi\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"EPSON Stylus Photo R220 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"" ["SEIKO EPSON CORPORATION"]
"RemoteControl" = "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"DiskeeperSystray" = ""C:\Programmi\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."]
"Adobe Version Cue CS2" = ""E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"" ["Adobe Sytems Incorporated"]
"VIRIT LITE MONITOR" = "C:\VEXPLITE\MONLITE.EXE" ["TG Soft S.a.s."]
"Tau Monitor" = "C:\Programmi\Agnitum\Tauscan 1.7\taumon.exe" ["Agnitum Ltd."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Cartelle condivise"
\InProcServer32\(Default) = "C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}" = "Tauscan Menu"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {HKLM...CLSID} = "Eudora's Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "Madlady" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"Adobe Gamma" -> shortcut to: "C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"EPSON Status Monitor 3 Environment Check 2" -> shortcut to: "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE" ["SEIKO EPSON CORPORATION"]
"Logitech SetPoint" -> shortcut to: "C:\Programmi\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [file not found]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{17939A30-18E2-471E-9D3A-56DD725F1215}" = "ReGet Bar"
-> {HKLM...CLSID} = "ReGet Bar"
\InProcServer32\(Default) = "C:\Programmi\ReGetDx\iebar.dll" ["ReGet Software"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [file not found]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{16664849-0E00-11D2-8059-000000000000}\(Default) = "MSIE Spy"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programmi\File comuni\ReGet Shared\Catcher.dll" ["ReGet Software"]
HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Regolazione del Browser"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Ricerche"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll" [file not found]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" [file not found]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Ricerche"
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
%NVSVC.name%, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
avast! Antivirus, avast! Antivirus, ""C:\Programmi\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Diskeeper, Diskeeper, "C:\Programmi\Diskeeper\DkService.exe" ["Executive Software International, Inc."]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /service" ["Agnitum Ltd."]
PC Tools Spyware Doctor, SDhelper, "C:\Programmi\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
Ulead Burning Helper, UleadBurningHelper, "C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Virit eXplorer Lite, viritsvclite, "C:\VEXPLITE\viritsvc.exe" ["TG Soft Sas www.tgsoft.it"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech, Inc."]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON Stylus Photo R220 Series 2KMonitor5E\Driver = "E_FLMAIE.DLL" ["SEIKO EPSON CORPORATION"]
EPSON V3 2KMonitor306\Driver = "E_SL2306.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 23 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 65 seconds) |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 16:52 Oggetto: log gmer rootkit |
|
|
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-06 16:40:55
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \??\C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\FILTNT.SYS ZwWriteVirtualMemory
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 885BAD40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 885BAD40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 885BAD40
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 88706490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 88706490
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 885BAD40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 885BAD40
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 885BAD40
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP_POWER 8852F950
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSEIRP_MJ_READ 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP_POWER 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8858C4B8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 8858C4B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8852F950
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 8852F950
---- Modules - GMER 1.0.10 ----
Module _________ F744C000
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\system32\lpt6.msr
File D:\System Volume Information\catalog.wci
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File K:\System Volume Information\MountPointManagerRemoteDatabase
File K:\System Volume Information\tracking.log
File K:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File L:\System Volume Information\MountPointManagerRemoteDatabase
File L:\System Volume Information\tracking.log
File L:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
---- EOF - GMER 1.0.10 ---- |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 16:53 Oggetto: autostart gmer |
|
|
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-06 16:42:03
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt6.msr
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.EXE
Diskeeper /*Diskeeper*/@ = C:\Programmi\Diskeeper\DkService.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
NVSvc /*%NVSVC.name%*/@ = %SystemRoot%\system32\nvsvc32.exe
OutpostFirewall /*Outpost Firewall Service*/@ = C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /service
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@PRONoMgr.exeC:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe = C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@Outpost FirewallC:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice /*file not found*/ = C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@EPSON Stylus Photo R220 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@DiskeeperSystray"C:\Programmi\Diskeeper\DkIcon.exe" = "C:\Programmi\Diskeeper\DkIcon.exe"
@Adobe Version Cue CS2"E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" = "E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@Tau MonitorC:\Programmi\Agnitum\Tauscan 1.7\taumon.exe = C:\Programmi\Agnitum\Tauscan 1.7\taumon.exe
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@AWMON"C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" = "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} = C:\Programmi\Qualcomm\Eudora\EuShlExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} /*Tauscan Menu*/C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll = C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.7\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81CB4832-C49A-44AA-AA79-B53DB1F5BCA0} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.164.0.2 = 192.164.0.2
@NameServer =
@DefaultGateway =
@Domain =
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
EPSON Status Monitor 3 Environment Check 2.lnk = EPSON Status Monitor 3 Environment Check 2.lnk
Logitech SetPoint.lnk = Logitech SetPoint.lnk
---- EOF - GMER 1.0.10 ---- |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 17:05 Oggetto: |
|
|
Non ho presenza di link optimizer, ne di account strani (sono stati rimossi e non sono mai stati ricreati).
Non ci sono eseguibili a nomi strani cretai nell'ultima settimana.
Il VirIt continua a darmi il warning \\?\c:\windows\system32\LPT6.MSR
che modifica il registro dell'esecuzione automatica e si esegue.
il file è ovviamente non rintracciabile e intoccabile. |
|
| Top |
|
|
holifay
Dio maturo
Registrato: 08/03/05 10:48
Messaggi: 2912
Residenza: Milano
|
| Inviato: 06 Lug 2006 17:08 Oggetto: |
|
|
Non ti preoccupare ch eadesso lo cacciamo... ma lo riesci a vedere? Direi di no...
Resta in attesa...  |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 17:21 Oggetto: |
|
|
| no, onestamente lo vedono solo VirIt e Gmer |
|
| Top |
|
|
holifay
Dio maturo
Registrato: 08/03/05 10:48
Messaggi: 2912
Residenza: Milano
|
| Inviato: 06 Lug 2006 17:36 Oggetto: |
|
|
scarica ATFCleaner da Atribune e salvalo sul desktop
Rifai la scansione degli ADS con HijackThis, seleziona solo queste voci (qui sotto) e premi Remove selected.
| Citazione: | C:\WINDOWS\pss\win.ini.backup : s1 (4 bytes)
C:\WINDOWS\win.tmp : s1 (4 bytes) |
Rifai la scansione e verifica che le voci siano scomparse, altrimenti riprova.
Fai il log normale di HijackThis, premi Do a system scan only, metti un segno di spunta accanto a queste voci e poi premi Fix checked
| Citazione: | O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing) |
Disinstalla tutte le voci in cui è citato java dal Pannello di controllo (Java, Java Runtime...)
Stampati queste istruzioni o salvale in un file nel desktop, dato che non potrai consultarle online
Scarica The Avenger sul Desktop.
- Estrai l´eseguibile sul desktop.
- copia il contenuto di questa finestra negli appunti (CTRL+C)
| Citazione: |
Files to move:
C:\WINDOWS\system32\lpt6.msr | c:\zeus\lpt6.msr
Files to delete:
C:\WINDOWS\system32\lpt6.msr
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs |
- avvia The Avenger e seleziona "Input Script Manually"
- clicca sulla icona con la lente di ingrandimento
- si aprirà una nuova finestra con scritto "View/edit script"
- incolla quanto copiato sopra premendo Ctrl+V
- clicca Done
- clicca l'icona con il semaforo con la luce verde per avviare lo script
- rispondi "Yes" due volte
se non si riavvia, riavvialo tu.
Riavvia in modalità provvisoria: premi F8 al Boot subito dopo il caricamento del BIOS e dal menu che comparirà seleziona modalità Provvisoria (safe mode)
In modalità provvisoria vai in C:\Zeus e guarda se è presente il file lpt6.msr. Se lo vedi mettilo in un file zip con password. Metti la password "infected"
avvia Virit e cancella quello che dovesse trovare
Avvia ATF cleaner clicca sul menu main e poi seleziona la casella Select All. Se usi Firefox o Opera fai la stessa cosa premendo rispettivamente anche su Firefox e Opera (se vuoi mantenere le password deseleziona la rispettiva casella). Adesso clicca sul pulsante Empty selected e aspetta il messaggio Done Cleaning!.
Riavvia in modalità normale e ripeti la procedura con ATF Cleaner.
Adesso, se si è riavviato il PC (come spero ) verifica se hai risolto il problema.
Se sei riuscito a creare il file ZIP, mandamelo per favore a www.suspectfile.com
Poi posta:
- il log di Gmer (Rootkit+Startup)
- il contenuto del file c:\avenger.txt
Ciao  |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 18:43 Oggetto: |
|
|
allora...
l'operazione ha portato a spostare il file in una directory che si chiama Avenger ( e non Zeus come editato nello script, ma è li...)
Lo vedo ma non posso zipparlo. Ora eseguo la modalità provvisoria e faccio la pulizia |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 19:26 Oggetto: |
|
|
VirIt non ha rilevato nulla.
Ho eseguito lo scan in modalità provvisoria e non c'è nulla.
Di seguito i log:
Gmer Rootkit:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-06 19:21:39
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \??\C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\FILTNT.SYS ZwWriteVirtualMemory
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 89862538
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 89862538
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 89862538
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 8863E038
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 8863E038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 89862538
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 89862538
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 89862538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP_POWER 8858E4A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSEIRP_MJ_READ 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP_POWER 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP 885B4208
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 885B4208
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8858E4A8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 8858E4A8
---- Modules - GMER 1.0.10 ----
Module _________ F744C000
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\catalog.wci
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File K:\System Volume Information\MountPointManagerRemoteDatabase
File K:\System Volume Information\tracking.log
File K:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
File L:\System Volume Information\MountPointManagerRemoteDatabase
File L:\System Volume Information\tracking.log
File L:\System Volume Information\_restore{C48C53D0-C9E8-4CB4-A803-5A5D43B2B13C}
---- EOF - GMER 1.0.10 ---- |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 19:27 Oggetto: |
|
|
Gmer autostart
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-06 19:22:37
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.EXE
Diskeeper /*Diskeeper*/@ = C:\Programmi\Diskeeper\DkService.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
NVSvc /*%NVSVC.name%*/@ = %SystemRoot%\system32\nvsvc32.exe
OutpostFirewall /*Outpost Firewall Service*/@ = C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /service
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@PRONoMgr.exeC:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe = C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@Outpost FirewallC:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice /*file not found*/ = C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@EPSON Stylus Photo R220 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@DiskeeperSystray"C:\Programmi\Diskeeper\DkIcon.exe" = "C:\Programmi\Diskeeper\DkIcon.exe"
@Adobe Version Cue CS2"E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" = "E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} = C:\Programmi\Qualcomm\Eudora\EuShlExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} /*Tauscan Menu*/(null) =
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81CB4832-C49A-44AA-AA79-B53DB1F5BCA0} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.164.0.2 = 192.164.0.2
@NameServer =
@DefaultGateway =
@Domain =
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
EPSON Status Monitor 3 Environment Check 2.lnk = EPSON Status Monitor 3 Environment Check 2.lnk
Logitech SetPoint.lnk = Logitech SetPoint.lnk
---- EOF - GMER 1.0.10 ---- |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 19:28 Oggetto: |
|
|
Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wahobdve
*******************
Script file located at: \??\C:\WINDOWS\system32\ffxbwonj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\lpt6.msr not found!
File move operation C:\WINDOWS\system32\lpt6.msr|C:\zeus\lpt6.msr failed!
Could not process line:
C:\WINDOWS\system32\lpt6.msr|C:\zeus\lpt6.msr
Status: 0xc0000034
File C:\WINDOWS\system32\lpt6.msr not found!
Deletion of file C:\WINDOWS\system32\lpt6.msr failed!
Could not process line:
C:\WINDOWS\system32\lpt6.msr
Status: 0xc0000034
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate. |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 06 Lug 2006 19:42 Oggetto: |
|
|
Il file maledetto ora gmer non lo trova più, solo che ora ce l'ho li sul c nella cartella Avenger e non si puo' ne cancellare ne rinominare.
Ho pure caricato una versione della knoppyx ma pure li è intoccabile... |
|
| Top |
|
|
holifay
Dio maturo
Registrato: 08/03/05 10:48
Messaggi: 2912
Residenza: Milano
|
| Inviato: 07 Lug 2006 11:29 Oggetto: |
|
|
Bene, non è andata proprio come immaginavo, ma almeno il trojan adesso è inattivo, per questo GMER non lo vede più. Come va il PC adesso?
Prima di eliminare il file (ormai non può fare danni) lo vorrei avere per studiarlo e inviarlo alle aziende AV. Quindi ti chiedo di fare questi tentativi per zipparlo.
1) cliccaci sopra con il tasto destro e scegl dal menu Proprietà > Autorizzazioni. Imposta a te il controllo completo
2) prova a rinominarlo con un nome di tua fantasia (pippo.txt ad esempio). Il nome non deve essere del tipo lpt#.XXX (lpt1, lpt2, lpt3...lptn sono nomi riservati in windows)
3) scarica Darkspy ed avvialo. Ti compare il messaggio se vuoi usarlo in modalità Supermode. Accetta e il computer si riavvierà. Al riavvio aprilo di nuovo se non si apre da solo. Clicca sul tab File e naviga fino al file. Lo selezioni e con il tasto destro scegli Copy. Scegli il percorso ed il nome (diverso da lpt#) . Se ti riesce (verifica con gestione risorse che la copia è stata creata) poi provi invece sempre da Darkspy a riselezionare il file lpt6 con il tasto destro e a scegliere Delete
quendo lo hai zippato, mandamelo a www.suspectfile.com
Ciao
PS: Mi dici il percorso esatto del file? |
|
| Top |
|
|
Disperante
Mortale pio
Registrato: 06/07/06 12:49
Messaggi: 15
|
| Inviato: 07 Lug 2006 13:44 Oggetto: |
 |
|
Ciao,
allora il pc va meglio non ho più l'alert di scrittura sul registro
Ho provato renderlo avvicinabile a rinominarlo, ma il responso è sempre quello, file inesistente non c'è o è corrotto. Eppure è li nella cartella c:\Avenger\
Ho provato a mandarlo in zip ma non c'è verso.
vedo cosa riesco a fare con darkspy |
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
