Wirus w winlogon.exe (brak pomyslu)

czarek1982 · 19 Marzec 2007 15:24

czesc.

od jakiegos czasu borykam sie z kilkoma syfkami na kompie.

zaczelo sie od jakiegos bzdurnego pliku ktory byl zainfekowany. niby nod32 poradzil sobie bez problemu, a jednak system zaczal sie sypac.

1 stadium opieralo sie o bluescreen’y. poszukalem u pani w google i zmienilem stery nvidii na omegi. przy okazji podkrecilem karte, wyczyscilem system, pousuwalem syfki etc.

od jakiegos tygodnia znow sie cos przyplatalo. hijackthis wyglada czysto (dla pewnosci go wkleje), zaczely sie od czasu do czasu bluescreeny, zwlaszcza podczas gdy probuje zrobic skan gmer’em. oprocz tego, choc nie wiem czy to zwiazane jest ze sprawa, jesli ktos chce cos ode mnnie sciagnac w lanie rowniez ukazuje mi sie niebieski ekran. nod32 za kazdym razem gdy robie cos polaczonego z kozystaniem z internetu informuje ze mam wira, ale sobie nie poradzi:

informacje o wirusie: c:\windows\system32\winlogon.exe

wirus: win32/wigon.I trojan

gmer tylko raz przeszedl caly skan i w zakladce rootkit otrzymalem:

service c:\windows\system32:lzx32.sys(***hidden***) [sYSTEM}pe386

w uslugach zas na czerwono jest:

pe386 system ??\c:\windows\system32:lzx32.sys win32 lzx files loader

kozystalem tez z Spybot - Search & Destroy ktory cos znalazl ale raczej nic szczegolnego.

aha i jeszcze 1. po przeczytaniu tematu http://forum.dobreprogramy.pl/viewtopic … 6b27531a4c probowalem cos poradzic, ale zakonczylo sie to rowniez fiaskiem. bluescreen’a nie moge spisac gdyz od razu jest reset, pomimo odznaczenia ptaszka przy opcji resetowania po awarii systemu

szczerze wam powiem, ze mam juz dosc i napewno sie gdzies po drodze pogubilem miedzy roznymi forami radami itd… ale reinstall mi sie nie usmiecha, wiec moze wy mi pomozecie??

Logfile of HijackThis v1.99.1

Scan saved at 16:26:37, on 2010-03-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

D:\Programy zainstalowane\nod\nod32kui.exe

D:\GRY i save\Gry\cs\Steam.exe

D:\Programy zainstalowane\hddlife\HDDlifePro.exe

D:\Programy zainstalowane\Speedfan\speedfan.exe

D:\Programy zainstalowane\nod\nod32krn.exe

C:\windows\system32\svchost.exe

C:\windows\system32\wscntfy.exe

C:\windows\System32\svchost.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\Programy zainstalowane\azureus\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\D duzy\Progsy\Win 98 progsy instalacyjne\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.dami-rz.pl:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Programy zainstalowane\GetRight\xx2gr.dll

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”

O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”

O4 - HKLM…\Run: [QuickTime Task] “D:\Programy zainstalowane\quicktimeplayer\qttask.exe” -atboottime

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [ATITool] “C:\Program Files\ATITool\ATITool.exe” -s

O4 - HKLM…\Run: [nod32kui] “D:\Programy zainstalowane\nod\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - HKCU…\Run: [steam] D:\GRY i save\Gry\cs\Steam.exe -silent

O4 - Startup: HDDlife.lnk = D:\Programy zainstalowane\hddlife\HDDlifePro.exe

O4 - Startup: SpeedFan.lnk = D:\Programy zainstalowane\Speedfan\speedfan.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{06576A93-FC67-47AD-A003-A0220D647D6B}: NameServer = 88.156.160.4,88.139.8.7

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Programy zainstalowane\nod\nod32krn.exe

O23 - Service: RadClock - Unknown owner - C:\windows\system32\RadClock.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\windows\system32\UTSCSI.EXE

adam9870 · 19 Marzec 2007 15:38

Log z hijacka jest w porządku.

Masz rootkita pe386. Jego głównymi objawami są właśnie takie rzeczy jak samoczynne resety, czy pojawianie się BSOD.

Użyj narzędzia Rustock.b-fix, a następnie dla pewności wklej raport plus log z Gmer’a:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

czarek1982 · 19 Marzec 2007 16:17

niestety wirusik dalej sobie siedzi i nod wywala bledy

petlog.txt

************************* Rustock.b-fix – By ejvindh *************************

2010-03-19 17:10:50,98

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure…

Rustock.b-ADS attached to the System32-folder:

:lzx32.sys 72864

Total size: 72864 bytes.

Attempting to remove ADS…

system32: deleted 72864 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:

No Rustock.b-files found in system32

******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:

No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:

No Rustock.b-files found in system32

******************************* End of Logfile ********************************

avenger.txt

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\gqipcctk

*******************

Script file located at: ??\C:\Program Files\xtvbswwg.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

adam9870 · 19 Marzec 2007 16:30

Gdzie log z Gmer’a?

Uruchom Konsolę odzyskiwania CD i wydaj następujące polecenia:

czarek1982 · 19 Marzec 2007 17:32

log z gmera (sorry za opoznienie)

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2010-03-19 18:32:15 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT ??\D:\Programy zainstalowane\antywiry\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey SSDT ??\D:\Programy zainstalowane\antywiry\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ---- Kernel code sections - GMER 1.0.12 ---- ? C:\windows\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\windows\System32\Drivers\SPTD6141.SYS Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\windows\System32\Drivers\dtscsi.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823DEEB0 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823DEEB0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 81BA09B0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 81BA09B0 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82396C78 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82396C78 Device \Driver\00000049 \Device\00000053 IRP_MJ_POWER [F844DA26] sptd.sys Device \Driver\00000049 \Device\00000053 IRP_MJ_SYSTEM_CONTROL [F8461BD8] sptd.sys Device \Driver\00000049 \Device\00000053 IRP_MJ_PNP [F845A54E] sptd.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82396EB0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81CC0690 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81C965D0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81C965D0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82396EB0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81CC0690 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81CC0690 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81CFDA08 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81CFDA08 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81CFDA08 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81CFDA08 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_CREATE 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_CLOSE 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_INTERNAL_DEVICE_CONTROL 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_CLEANUP 81CFDA08 Device \Driver\NetBT \Device\NetBT_Tcpip_{06576A93-FC67-47AD-A003-A0220D647D6B} IRP_MJ_PNP 81CFDA08 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 823DE0E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 823DE0E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81C9D9C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81C9D9C0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 81BB80E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 81BB80E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82396EB0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82396EB0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 81C7AC38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 81C7AC38 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_CREATE 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_POWER 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 IRP_MJ_PNP 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_CREATE 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_CLOSE 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_DEVICE_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_POWER 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_SYSTEM_CONTROL 82396788 Device \Driver\si3112r \Device\Scsi\si3112r1 IRP_MJ_PNP 82396788 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81C6E0E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 81C6E0E8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_READ 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 81BA09B0 Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 81BA09B0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81AE53D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81AE53D8 ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 … Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD … ---- EOF - GMER 1.0.12 ----

M_i_r · 20 Marzec 2007 19:30

Próbowałeś NOD32 v2.7 ,który wykrywa rootkity,w trybie awaryjnym?

czarek1982 · 20 Marzec 2007 19:32

nie. a czy na niego trzeba miec licencje albo cos podobnego??

Gutek · 20 Marzec 2007 23:14

Jest Ok

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE - POPRAW!

Pozdrawiam Gutek2222