I don't think I found anything; I'm attaching the results in case you spot something...
anyway, there's nothing in red...
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-19 20:04:03
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT a347bus.sys ZwClose
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwRenameKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
? F:\WINDOWS\system32\Drivers\mchInjDrv.sys Impossibile trovare il file specificato.
---- User code sections - GMER 1.0.13 ----
.text F:\WINDOWS\system32\csrss.exe[556] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\csrss.exe[556] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\csrss.exe[556] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\winlogon.exe[580] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\winlogon.exe[580] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\winlogon.exe[580] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\services.exe[624] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\services.exe[624] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\lsass.exe[636] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\lsass.exe[636] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[864] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[864] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\System32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\spoolsv.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\spoolsv.exe[1028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\spoolsv.exe[1028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe[1164] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe[1164] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1200] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1200] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1200] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[1236] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[1236] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Spyware Doctor\pctsAuxs.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Spyware Doctor\pctsAuxs.exe[1392] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Spyware Doctor\pctsAuxs.exe[1392] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Spyware Doctor\pctsSvc.exe[1476] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 5F, 98, C3, 83 ]
.text F:\WINDOWS\Explorer.EXE[1652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\Explorer.EXE[1652] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\Explorer.EXE[1652] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe[1780] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe[1780] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Trust\CnxDslTb.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Trust\CnxDslTb.exe[1796] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Trust\CnxDslTb.exe[1796] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Documents and Settings\Federico\Desktop\gmer.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Documents and Settings\Federico\Desktop\gmer.exe[1804] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\Documents and Settings\Federico\Desktop\gmer.exe[1804] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Documents and Settings\Federico\Desktop\gmer.exe[1804] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\rundll32.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\rundll32.exe[1816] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\rundll32.exe[1816] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1832] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1832] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[1848] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[1848] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1948] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1948] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1948] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe[1956] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe[1956] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Spyware Doctor\pctsTray.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Spyware Doctor\pctsTray.exe[2012] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 8B, 96, C3, 83 ]
.text F:\Programmi\Spyware Doctor\pctsTray.exe[2012] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Spyware Doctor\pctsTray.exe[2012] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[2220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[2220] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[2220] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[2220] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\WINDOWS\System32\alg.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\WINDOWS\System32\alg.exe[2388] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\WINDOWS\System32\alg.exe[2388] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\WINDOWS\System32\alg.exe[2388] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2C1 F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4379166F F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915F0 F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 43791634 F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4379157C F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915B6 F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916AA F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 43621676 F:\WINDOWS\system32\IEFRAME.dll
.text F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe[2740] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe[2740] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe[2740] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
---- Devices - GMER 1.0.13 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867E73F0
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F77211DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F77211DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7721454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F77211DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7714F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F789E466] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F789E408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE