
bagle


Post by dav16 » Tue Jan 16, 2007 9:39 am

Hi everyone, since my Windows firewall is disabled and I can no longer enable it (I had opened a post about this problem).

I followed the instructions to remove it, but when I paste the script into Avenger and then click Done, a question comes up (the article says to click Yes), but then I get "fatal error".

What should I do?

Post by dav16 » Tue Jan 16, 2007 9:41 am

Solved!!... now I'll reboot the PC and see...

Post by dav16 » Tue Jan 16, 2007 9:48 am

I rebooted the PC and a couple of processes ran.... then this came up:

P.S. THE PROBLEM HAS BEEN SOLVED: AFTER THE REBOOT THE FIREWALL AND VIRUS PROTECTION SHOW AS ACTIVE. I AM POSTING THE LOG ONLY FOR SUGGESTIONS OR ANYTHING ELSE [8D]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cubopcgn

*******************

Script file located at: \??\C:\WINDOWS\hawfltsw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



Could not open file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



Could not open file C::\WINDOWS\system32\wintems.exe for deletion
Deletion of file C::\WINDOWS\system32\wintems.exe failed!

Could not process line:
C::\WINDOWS\system32\wintems.exe
Status: 0xc000003a



Could not open file C::\WINDOWS\system32\hldrrr.exe for deletion
Deletion of file C::\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C::\WINDOWS\system32\hldrrr.exe
Status: 0xc000003a



Could not open folder C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires for deletion
Deletion of folder C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires failed!

Could not process line:
C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires
Status: 0xc000003a



Could not open folder C::\WINDOWS\exefld for deletion
Deletion of folder C::\WINDOWS\exefld failed!

Could not process line:
C::\WINDOWS\exefld
Status: 0xc000003a



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by dav16 » Tue Jan 16, 2007 10:13 am

The problem seemed solved, but instead...

After I use the PC for a while the firewall turns off again... what should I do?

Post by Amantide » Tue Jan 16, 2007 12:10 pm

You had made a mistake when filling in the script: a double colon after the C, and you had not put your user name in place of [Utente corrente].
Why did you run the script? Besides the firewall, is your antivirus not working either? Are you unable to boot the PC in safe mode? Is the process nldrrr.exe present in Task Manager? Did you run a scan with Gmer and get warned about the presence of a rootkit?
If the answers are no, then it is not Bagle.
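
Added example (not part of the original thread, and not Avenger's own code): a small Python triage of an Avenger log like the one posted above. It pairs each failed deletion with its NTSTATUS code and flags the two script mistakes described in the reply, the doubled colon after the drive letter and the unreplaced [Utente corrente] placeholder. The log excerpt is copied from the thread; the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Names of the two NTSTATUS codes that occur in the log (from ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}

# Excerpt of the Avenger log posted in this thread.
SAMPLE_LOG = r"""
Could not open file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C::\Documents and Settings\[Utente corrente]\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a

Could not open file C::\WINDOWS\system32\wintems.exe for deletion
Deletion of file C::\WINDOWS\system32\wintems.exe failed!

Could not process line:
C::\WINDOWS\system32\wintems.exe
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034
"""

FAILED_RE = re.compile(
    r"^Deletion of (file|folder|registry key|registry value) (.+) failed!$"
)
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
# Drive letter followed by two or more colons, e.g. "C::\".
DOUBLE_COLON_RE = re.compile(r"^[A-Za-z]:{2,}")
# Heuristic: a path component left in square brackets is treated as a
# template placeholder (brackets are legal in file names, so review hits).
PLACEHOLDER_RE = re.compile(r"\[[^\]\\]+\]")


@dataclass
class Failure:
    kind: str                     # file, folder, registry key, registry value
    target: str                   # path or key exactly as written in the script
    status: Optional[int] = None  # NTSTATUS logged for this entry, if any

    @property
    def status_name(self) -> str:
        if self.status is None:
            return "no status logged"
        return NTSTATUS_NAMES.get(self.status, f"0x{self.status:08x}")


def parse_failures(log_text: str) -> List[Failure]:
    """Return one Failure per 'Deletion of ... failed!' line, with its status."""
    failures: List[Failure] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        failed = FAILED_RE.match(line)
        if failed:
            failures.append(Failure(failed.group(1), failed.group(2)))
            continue
        status = STATUS_RE.match(line)
        # A Status line belongs to the most recent failure that lacks one.
        if status and failures and failures[-1].status is None:
            failures[-1].status = int(status.group(1), 16)
    return failures


def diagnose(failure: Failure) -> List[str]:
    """Explain why a script line failed: script typo or object really absent."""
    findings: List[str] = []
    if failure.kind in ("file", "folder"):
        if DOUBLE_COLON_RE.match(failure.target):
            findings.append("malformed drive specifier: more than one colon "
                            "after the drive letter")
        if PLACEHOLDER_RE.search(failure.target):
            findings.append("placeholder in square brackets was not replaced "
                            "with a real name")
    if not findings and failure.status == 0xC0000034:
        findings.append("script line is well-formed; the object does not "
                        "exist on this system")
    if not findings:
        findings.append("no script error recognised; review manually")
    return findings


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f"{f.kind}: {f.target}\n  {f.status_name}")
        for finding in diagnose(f):
            print(f"  - {finding}")
```

A file entry that fails with STATUS_OBJECT_PATH_NOT_FOUND because of a typo says nothing about whether the file exists, so the script has to be corrected and rerun before the result can be read as "not present".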

Post by dav16 » Tue Jan 16, 2007 1:00 pm

I couldn't open the firewall and virus protection wasn't showing up. For the rest, the answer is no. Anyway, after doing what the article said, the firewall stays active for a while and virus protection is active, so something has improved. Unfortunately, after a while the firewall turns itself off, and if I go to Control Panel > Firewall I get an error message. What can I do? Congratulations on the excellent and useful article [applauso+] [8D]

Post by Amantide » Tue Jan 16, 2007 1:11 pm

To completely rule out a virus as the cause, post me the logs of the Gmer scan, the Autostart and Rootkit sections.

Post by dav16 » Tue Jan 16, 2007 1:47 pm

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-16 12:39:44
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Brother XP spl Service /*BrSplService*/@ = C:\WINDOWS\system32\brsvc01a.exe
CLCapSvc /*CyberLink Background Capture Service (CBCS)*/@ = "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
CLSched /*CyberLink Task Scheduler (CTS)*/@ = "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
CyberLink Media Library Service /*CyberLink Media Library Service*/@ = "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
USBDeviceService /*USBDeviceService*/@ = C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@Collegamento alla pagina delle proprietà di High Definition Audio(null) =
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@PersistenceC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_04\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
@HControlC:\WINDOWS\ATK0100\HControl.exe = C:\WINDOWS\ATK0100\HControl.exe
@Ulead AutoDetector v2C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe = C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
@DetectorAppC:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe = C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
@ISUSPM StartupC:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start = "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
@PCMService"c:\APPS\Powercinema\PCMService.exe" = "c:\APPS\Powercinema\PCMService.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@SSBkgdUpdate"C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot = "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
@PaperPort PTDC:\Programmi\ScanSoft\PaperPort\pptd40nt.exe = C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
@IndexSearchC:\Programmi\ScanSoft\PaperPort\IndexSearch.exe = C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
@SetDefPrtC:\Programmi\Brother\Brmfl05a\BrStDvPt.exe = C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
@ControlCenter2.0C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun = C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SmpcSysC:\APPS\SMP\SmpSys.exe = C:\APPS\SMP\SmpSys.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL /*file not found*/ = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL /*file not found*/
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLfile://C:\APPS\IE\offline\it.htm = file://C:\APPS\IE\offline\it.htm
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagefile://C:\APPS\IE\offline\it.htm = file://C:\APPS\IE\offline\it.htm
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msero@CLSID = C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\MSERO.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Tasto di scelta rapida per l'avvio di AutoCAD.lnk = Tasto di scelta rapida per l'avvio di AutoCAD.lnk

---- EOF - GMER 1.0.12 ----








GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-16 12:46:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.12 ----


---- Modules - GMER 1.0.12 ----

Module _________ F73D1000

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE

---- EOF - GMER 1.0.12 ----

Post by Amantide » Tue Jan 16, 2007 1:57 pm

The only bad thing is this entry:
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE

Open HijackThis, go to Open the Misc Tools section, open Open ADS Spy..., uncheck Quick scan and then press Scan. When the scan has finished, find this entry:
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
...select it and press Remove selected.

Then download CCleaner and clean up the temporary files, and finally install a serious firewall, Comodo Firewall or Zone Alarm.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
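
Added example, not part of the original thread and not code from GMER or HijackThis: a small Python triage of a GMER text log that collapses the repetitive Device rows per driver and address and extracts the ADS entries, split into host path and stream name, so a single entry like the one flagged above is not lost in the dump. The sample log is constructed in the layout of the one posted here; the "Devices" section title and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the GMER 1.0.12 log quoted in this thread.
# The "Devices" section title is an assumption; the parser accepts any title.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.12 ----
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 863E8008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 863E8008
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8605B180
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
---- EOF - GMER 1.0.12 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER \S+ ----$")
# Columns as printed in the log: driver, device, IRP major function, address.
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+([0-9A-Fa-f]{8})$")
# The stream name follows the LAST colon and holds no backslash, so the
# drive-letter colon in "C:\..." is never mistaken for a stream separator.
ADS_RE = re.compile(r"^ADS\s+(.+):([^:\\]+)$")


def parse_sections(text):
    """Split a GMER log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (row count per (driver, address), [(host path, stream name)])."""
    rows, streams = Counter(), []
    for lines in parse_sections(text).values():
        for line in lines:
            dev, ads = DEVICE_RE.match(line), ADS_RE.match(line)
            if dev:
                rows[(dev.group(1), dev.group(4).upper())] += 1
            elif ads:
                streams.append((ads.group(1), ads.group(2)))
    return rows, streams
```

Calling `triage()` on a saved log returns the per-driver row counts and the list of stream entries to review by hand.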

Post by dav16 » Tue Jan 16, 2007 2:38 pm

done...

Post by dav16 » Tue Jan 16, 2007 2:52 pm

I installed Comodo and I need to ask you a few things:

1) at PC startup I get a message that CLML server.exe tried to connect remote:
ip:127.0.0.1 port:12346-top

what is it????


2) I can't browse with Firefox, I get "unable to find the page" (when I open Mozilla I get the Comodo window and I choose accept, but it doesn't work)

3) how should I set up Comodo so it doesn't give me problems with Shareaza (p2p)?

bye [rotolo]

Post by Amantide » Tue Jan 16, 2007 3:05 pm

dav16 wrote: I installed Comodo and I need to ask you a few things:

1) at PC startup I get a message that CLML server.exe tried to connect remote:
ip:127.0.0.1 port:12346-top

what is it????

It is a CyberLink Powercinema process, it is not harmful.
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

2) I can't browse with Firefox, I get "unable to find the page" (when I open Mozilla I get the Comodo window and I choose accept, but it doesn't work)

This one seems strange to me. Try closing both Firefox and Comodo completely; their icons must no longer appear in the tray bar. Then start Comodo first and then Firefox, and grant all the permissions again.

3) how should I set up Comodo so it doesn't give me problems with Shareaza (p2p)?

http://www.MegaLab.it/forum/viewtopic.p ... ule+comodo
You only need to change the ports to the ones Shareaza uses.

Post by dav16 » Tue Jan 16, 2007 4:13 pm

thanks a lot



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising