Thread: Virtumonde & Win32.Bagle.hi (I suppose)

  1. #1
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    Virtumonde & Win32.Bagle.hi (I suppose)

    Hi all!!

    My AntiVir Personal Edition doesn't work anymore, SpyBot doesn't start, so I don't know what to do!!

    Here is my HJT report:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 16.40.28, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Programmi\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Programmi\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\internet explorer\iexplore.exe
    C:\Documents and Settings\Music Up\Desktop\gmer\gmer.exe
    C:\Documents and Settings\Music Up\Desktop\hijackthis_199\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [STARTRIGHT] "C:\Programmi\StartRight\StartRight.exe" -go 
    O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Programmi\StartRight\StartRight.exe" -pre 
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://p463.demo.pixord.com/push04.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120173459437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142636725046
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} (ProfileAccessCtrl Class) - http://p463.demo.pixord.com/access01.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
    O23 - Service: Fetnffripor - VIA Technologies, Inc.               - (no file)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

  2. #2
    Junior Member
    Join Date
    Jan 2008
    Posts
    4

    And here is my GMER report:

    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2008-01-19 16:55:33
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.13 ----

    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2C1 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4379166F C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915F0 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 43791634 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4379157C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915B6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916AA C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 43621676 C:\WINDOWS\system32\IEFRAME.dll

    ---- Kernel code sections - GMER 1.0.13 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
    ? C:\WINDOWS\System32\Drivers\SPTD2125.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo.
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.

    Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 82395EB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 82395EB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 82395EB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 82395EB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 82395EB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 82395EB0
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81F9F750
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81F9F750

    ---- Kernel IAT/EAT - GMER 1.0.13 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F845089E] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466D86] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F8450E24] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F8450D28] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F8450EF4] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F8450EF4] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F8450E24] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F8450D28] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84661AE] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F8450A5A] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F846604A] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F84508F2] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8443AD2] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8443C0E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8443B96] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F844476C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8444642] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466E4A] sptd.sys
    IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F84558C6] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F846604A] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8466056] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466E4A] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F8450CC6] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F8450CC6] sptd.sys

    ---- System - GMER 1.0.13 ----

    SSDT sptd.sys ZwCreateKey
    SSDT F82527E4 ZwCreateThread
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT F82527D0 ZwOpenProcess
    SSDT F82527D5 ZwOpenThread
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey
    SSDT F82527DF ZwTerminateProcess
    SSDT F82527DA ZwWriteVirtualMemory

    ---- EOF - GMER 1.0.13 ----
