Pomocy trojany robaki :(;( nie da się tego usunąć

Dla specjalistów Bezpieczeństwo
#1 
Logfile of HijackThis v1.99.1

Scan saved at 15:54:10, on 2007-02-27

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\System32\Ati2evxx.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\system32\Ati2evxx.exe

G:\WINDOWS\system32\spoolsv.exe

G:\WINDOWS\Explorer.EXE

G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

G:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

G:\Program Files\Neostrada TP\NeostradaTP.exe

G:\Program Files\Neostrada TP\ComComp.exe

G:\Program Files\Gadu-Gadu\gg.exe

G:\WINDOWS\system32\cmd.exe

G:\Program Files\Mozilla Firefox\firefox.exe

G:\Documents and Settings\Knapiczek\Pulpit\hijackthis\HijackThis.exe

G:\WINDOWS\system32\tftp.exe

G:\WINDOWS\system32\tftp.exe

G:\WINDOWS\system32\tftp.exe

G:\WINDOWS\system32\tftp.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - G:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - G:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WooCnxMon] G:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] G:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [kis] "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [WOOWATCH] G:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - Global Startup: DSLMON.lnk = G:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{D15CCFC6-3664-465A-ADD7-6F7252F6073A}: NameServer = 194.204.159.1 217.98.63.164

O20 - AppInit_DLLs: G:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

O20 - Winlogon Notify: klogon - G:\WINDOWS\System32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: bgg - Unknown owner - G:\WINDOWS\enbgg.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: RadClock - Unknown owner - G:\WINDOWS\system32\RadClock.exe (file missing)
#2

Usuń wpis HJT.

Czy masz jeszcze Bezpiecznik Gadu-Gadu? Jeśli nie to wybierz start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Ze względu na aktywny proces tftp.exe proszę pokazać jeszcze log z SilentRunners plus dwa logi z Gmer’a wykonane przy takich ustawieniach:

  1. Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

  2. Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

#3 
GMER 1.0.12.12027 - http://www.gmer.net

Rootkit scan 2007-02-27 16:43:48

Windows 5.1.2600 



---- System - GMER 1.0.12 ----


SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwClose

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateSection

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwCreateThread

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwFlushKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwLoadKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwOpenKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwOpenSection

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwQueryKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwResumeThread

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSaveKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[284]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[285]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[286]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[287]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[288]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[289]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[290]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[291]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[292]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[293]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[294]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[295]

SSDT \??\G:\WINDOWS\system32\drivers\klif.sys SSDT[296]


---- Devices - GMER 1.0.12 ----


Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8166B870


---- Kernel code sections - GMER 1.0.12 ----


.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + BB 804F0064 7 Bytes JMP F0C29E10 \??\G:\WINDOWS\system32\drivers\klif.sys

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [3A, 6B, 94, F9]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [7E, 6C, 94, F9]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [F6, 6F, 94, F9]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8 804FC800 4 Bytes [18, 6A, 94, F9]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 38C 804FC8A4 4 Bytes [C0, 70, 94, F9]

.text ...                                                                                                      

.text ntdll.dll!NtClose 77F7E543 5 Bytes JMP 7203407A 

.text ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes JMP 72034205 

.text ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes JMP 720340E9 

.text ntdll.dll!NtCreateSection 77F7E6D3 5 Bytes JMP 72034098 


---- Devices - GMER 1.0.12 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 817A90E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 817A90E8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8166B870

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8166B870

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 817AA8C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 817AA8C0

Device \Driver\00000052 \Device\00000048 IRP_MJ_POWER [F994DEA8] sptd.sys

Device \Driver\00000052 \Device\00000048 IRP_MJ_SYSTEM_CONTROL [F9961A70] sptd.sys

Device \Driver\00000052 \Device\00000048 IRP_MJ_PNP [F995A728] sptd.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 817AAAF8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8162F590

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81330848

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81330848

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 817AAAF8

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8162F590

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8162F590

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81333848

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81333848

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81333848

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_CREATE 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_CLOSE 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_INTERNAL_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_CLEANUP 81333848

Device \Driver\NetBT \Device\NetBT_Tcpip_{D15CCFC6-3664-465A-ADD7-6F7252F6073A} IRP_MJ_PNP 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81333848

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81333848

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 817AA350

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 817AA350

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81329848

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81329848

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81329848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 81338848

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 81338848

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 817AAAF8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 817AAAF8

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 81339848

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 81339848

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81507C40

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 81507C40

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 8166B870

Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 8166B870

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8163AE20

Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8163AE20

Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible F041B7FC


---- EOF - GMER 1.0.12 ----

logo nie pełne bo mi błąd wyskoczył że za 1min wyłączy mi kompa

#4

Jest Ok.

Pokaż jeszcze log wykonany przy takim ustawieniu:

Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta