RootkitRevealer: HKU\.DEFAULT\Control Panel\International 25.12.2007 22:03 0 bytes Security mismatch. HKU\.DEFAULT\Control Panel\International\Geo 25.12.2007 22:03 0 bytes Security mismatch. HKU\S-1-5-21-1482476501-484763869-839522115-1003\Control Panel\International 25.12.2007 22:03 0 bytes Security mismatch. HKU\S-1-5-21-1482476501-484763869-839522115-1003\Control Panel\International\Geo 25.12.2007 22:03 0 bytes Security mismatch. HKU\S-1-5-21-1482476501-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 17.10.2007 16:45 0 bytes Key name contains embedded nulls (*) HKU\S-1-5-18\Control Panel\International 25.12.2007 22:03 0 bytes Security mismatch. HKU\S-1-5-18\Control Panel\International\Geo 25.12.2007 22:03 0 bytes Security mismatch. HKLM\SECURITY\Policy\Secrets\SAC* 31.12.2004 14:32 0 bytes Key name contains embedded nulls (*) HKLM\SECURITY\Policy\Secrets\SAI* 31.12.2004 14:32 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 28.02.2005 10:59 26 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 24.02.2007 11:03 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 28.02.2005 11:08 26 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 01.12.2006 11:15 0 bytes Access is denied. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher \cache 17.10.2007 18:42 0 bytes Hidden from Windows API. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher \logs 17.10.2007 18:42 0 bytes Hidden from Windows API. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher \settings 17.10.2007 18:42 0 bytes Hidden from Windows API. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher \temporary 17.10.2007 18:42 0 bytes Hidden from Windows API. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher\cache 17.10.2007 17:42 0 bytes Visible in Windows API, but not in MFT or directory index. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher\logs 17.10.2007 17:42 0 bytes Visible in Windows API, but not in MFT or directory index. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher\settings 17.10.2007 17:42 0 bytes Visible in Windows API, but not in MFT or directory index. F:\Dokumente und Einstellungen\ace\Anwendungsdaten\Sports Interactive\Installer Launcher\temporary 17.10.2007 17:42 0 bytes Visible in Windows API, but not in MFT or directory index. F:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 23.12.2007 00:08 252.00 KB Visible in Windows API, but not in MFT or directory index. F:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 23.12.2007 00:08 111.50 KB Visible in Windows API, but not in MFT or directory index. Blacklight: 12/26/07 21:30:40 [Info]: BlackLight Engine 1.0.67 initialized 12/26/07 21:30:40 [Info]: OS: 5.1 build 2600 (Service Pack 2) 12/26/07 21:30:40 [Note]: 7019 4 12/26/07 21:30:40 [Note]: 7005 0 12/26/07 21:30:48 [Note]: 7006 0 12/26/07 21:30:48 [Note]: 7011 1988 12/26/07 21:30:48 [Note]: 7026 0 12/26/07 21:30:48 [Note]: 7026 0 12/26/07 21:30:54 [Note]: FSRAW library version 1.7.1024 12/26/07 21:57:49 [Note]: 7007 0 Sophos: Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc Started logging on 26.12.2007 at 22:01:13 Stopped logging on 26.12.2007 at 22:10:08 Gmer: GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-12-26 23:13:04 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey SSDT a347bus.sys ZwCreatePagingFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx SSDT F7C193BC ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey SSDT a347bus.sys ZwEnumerateKey SSDT a347bus.sys ZwEnumerateValueKey SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey SSDT F7C193A8 ZwOpenProcess SSDT F7C193AD ZwOpenThread SSDT a347bus.sys ZwQueryKey SSDT a347bus.sys ZwQueryValueKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile SSDT a347bus.sys ZwSetSystemPowerState SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey SSDT F7C193B7 ZwTerminateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile SSDT F7C193B2 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.13 ---- ? F:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. PAGENDSM NDIS.sys!NdisMIndicateStatus F71A6A5F 6 Bytes JMP F164FED0 \SystemRoot\system32\drivers\fwdrv.sys .text USBPORT.SYS!DllUnload F69F780C 5 Bytes JMP 857D1780 ? System32\Drivers\a2nof4t0.SYS Das System kann die angegebene Datei nicht finden. ? F:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. ? F:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden. ? F:\WINDOWS\system32\3C.tmp Das System kann die angegebene Datei nicht finden. ---- User code sections - GMER 1.0.13 ---- .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\OO Software\CleverCache\ooccag.exe[256] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\System32\svchost.exe[324] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\System32\svchost.exe[324] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\System32\svchost.exe[324] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00070004 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0007011C .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000704F0 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0007057C .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000703D8 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0007034C .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00070464 .text F:\WINDOWS\System32\wdfmgr.exe[372] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00070608 .text F:\WINDOWS\System32\wdfmgr.exe[372] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC .text F:\WINDOWS\System32\wdfmgr.exe[372] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\iTunes\iTunesHelper.exe[508] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetOpenW 7718AF29 5 Bytes JMP 00130DB0 .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetConnectA 77193452 5 Bytes JMP 00130F54 .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetOpenA 7719578E 5 Bytes JMP 00130D24 .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetOpenUrlA 77195A5A 5 Bytes JMP 00130E3C .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00130FE0 .text F:\Programme\iTunes\iTunesHelper.exe[508] WININET.dll!InternetOpenUrlW 771A5B72 5 Bytes JMP 00130EC8 .text F:\Programme\iTunes\iTunesHelper.exe[508] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\iTunes\iTunesHelper.exe[508] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\iTunes\iTunesHelper.exe[508] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\iTunes\iTunesHelper.exe[508] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\iTunes\iTunesHelper.exe[508] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00160004 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0016011C .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001604F0 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateThread 7C810657 5 Bytes JMP 0016057C .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001603D8 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0016034C .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!WinExec 7C8615B5 5 Bytes JMP 00160464 .text F:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00160608 .text F:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC .text F:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00070004 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0007011C .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000704F0 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0007057C .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000703D8 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0007034C .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00070464 .text F:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00070608 .text F:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC .text F:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720 .text F:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000708C4 .text F:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00070838 .text F:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00070950 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\system32\services.exe[752] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\system32\services.exe[752] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\system32\services.exe[752] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\system32\services.exe[752] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\system32\svchost.exe[916] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\system32\svchost.exe[976] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\System32\svchost.exe[1012] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\System32\svchost.exe[1012] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\System32\svchost.exe[1012] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenW 7718AF29 5 Bytes JMP 00080DB0 .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetConnectA 77193452 5 Bytes JMP 00080F54 .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenA 7719578E 5 Bytes JMP 00080D24 .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenUrlA 77195A5A 5 Bytes JMP 00080E3C .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0 .text F:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenUrlW 771A5B72 5 Bytes JMP 00080EC8 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\System32\svchost.exe[1068] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\System32\svchost.exe[1068] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\System32\svchost.exe[1068] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenW 7718AF29 5 Bytes JMP 00080DB0 .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetConnectA 77193452 5 Bytes JMP 00080F54 .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenA 7719578E 5 Bytes JMP 00080D24 .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 77195A5A 5 Bytes JMP 00080E3C .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0 .text F:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 771A5B72 5 Bytes JMP 00080EC8 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\system32\spoolsv.exe[1296] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\system32\spoolsv.exe[1296] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\system32\spoolsv.exe[1296] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\system32\spoolsv.exe[1296] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\system32\spoolsv.exe[1296] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\system32\spoolsv.exe[1296] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1344] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1520] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1576] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1592] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\Mamutu\a2service.exe[1756] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\Mamutu\a2service.exe[1756] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\Mamutu\a2service.exe[1756] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\Mamutu\a2service.exe[1756] ws2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\Programme\Mamutu\a2service.exe[1756] ws2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\Programme\Mamutu\a2service.exe[1756] ws2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\System32\alg.exe[1852] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\System32\alg.exe[1852] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\System32\alg.exe[1852] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\System32\alg.exe[1852] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\System32\alg.exe[1852] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\System32\alg.exe[1852] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00080004 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0008011C .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 000804F0 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0008057C .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 000803D8 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0008034C .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00080464 .text F:\WINDOWS\Explorer.EXE[1988] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00080608 .text F:\WINDOWS\Explorer.EXE[1988] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text F:\WINDOWS\Explorer.EXE[1988] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetOpenW 7718AF29 5 Bytes JMP 00080DB0 .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetConnectA 77193452 5 Bytes JMP 00080F54 .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetOpenA 7719578E 5 Bytes JMP 00080D24 .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetOpenUrlA 77195A5A 5 Bytes JMP 00080E3C .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0 .text F:\WINDOWS\Explorer.EXE[1988] WININET.dll!InternetOpenUrlW 771A5B72 5 Bytes JMP 00080EC8 .text F:\WINDOWS\Explorer.EXE[1988] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text F:\WINDOWS\Explorer.EXE[1988] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text F:\WINDOWS\Explorer.EXE[1988] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\WINDOWS\system32\oodag.exe[2016] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\WINDOWS\system32\oodag.exe[2016] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text F:\WINDOWS\system32\oodag.exe[2016] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text F:\WINDOWS\system32\oodag.exe[2016] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text F:\WINDOWS\system32\oodag.exe[2016] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\WINDOWS\system32\oodag.exe[2016] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, EF, F4 ] .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Programme\iPod\bin\iPodService.exe[2564] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Programme\iPod\bin\iPodService.exe[2564] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Programme\iPod\bin\iPodService.exe[2564] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!VirtualAlloc 7C809A71 5 Bytes JMP 00130004 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!VirtualAllocEx 7C809A92 5 Bytes JMP 0013011C .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!FreeLibrary + 15 7C80AC13 4 Bytes [ 25, 54, EF, F4 ] .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateRemoteThread 7C81044C 5 Bytes JMP 001304F0 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateThread 7C810657 5 Bytes JMP 0013057C .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 001303D8 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!CreateProcessInternalA 7C81D4BE 5 Bytes JMP 0013034C .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00130464 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] kernel32.dll!SetThreadContext 7C862CB1 5 Bytes JMP 00130608 .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text F:\Dokumente und Einstellungen\ace\Desktop\rktools\gmer\gmer.exe[3096] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 ---- Kernel IAT/EAT - GMER 1.0.13 ---- IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7382ACA] sptd.sys IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F164FCE0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F164FD00] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F164FD90] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F164FDC0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F164FD90] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F164FD00] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F164FCE0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F164FD00] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F164FD90] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F164FCE0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F164FDC0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F164FD90] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F164FDC0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F164FCE0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F164FD00] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [F164FD90] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [F164FD00] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [F164FDC0] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [F164FCE0] \SystemRoot\system32\drivers\fwdrv.sys ---- User IAT/EAT - GMER 1.0.13 ---- IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll IAT F:\WINDOWS\Explorer.EXE[1988] @ F:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\WINDOWS\system32\ShimEng.dll ---- Devices - GMER 1.0.13 ---- Device \Ntfs IRP_MJ_CREATE 8594E1E8 Device \Ntfs IRP_MJ_CLOSE 8594E1E8 Device \Ntfs IRP_MJ_READ 8594E1E8 Device \Ntfs IRP_MJ_WRITE 8594E1E8 Device \Ntfs IRP_MJ_QUERY_INFORMATION 8594E1E8 Device \Ntfs IRP_MJ_SET_INFORMATION 8594E1E8 Device \Ntfs IRP_MJ_QUERY_EA 8594E1E8 Device \Ntfs IRP_MJ_SET_EA 8594E1E8 Device \Ntfs IRP_MJ_FLUSH_BUFFERS 8594E1E8 Device \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8594E1E8 Device \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8594E1E8 Device \Ntfs IRP_MJ_DIRECTORY_CONTROL 8594E1E8 Device \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8594E1E8 Device \Ntfs IRP_MJ_DEVICE_CONTROL 8594E1E8 Device \Ntfs IRP_MJ_SHUTDOWN 8594E1E8 Device \Ntfs IRP_MJ_LOCK_CONTROL 8594E1E8 Device \Ntfs IRP_MJ_CLEANUP 8594E1E8 Device \Ntfs IRP_MJ_QUERY_SECURITY 8594E1E8 Device \Ntfs IRP_MJ_SET_SECURITY 8594E1E8 Device \Ntfs IRP_MJ_QUERY_QUOTA 8594E1E8 Device \Ntfs IRP_MJ_SET_QUOTA 8594E1E8 Device \Ntfs IRP_MJ_PNP 8594E1E8 Device \Ntfs FastIoCheckIfPossible [F71F2EDA] Ntfs.sys Device \Ntfs FastIoRead [F71D9B57] Ntfs.sys Device \Ntfs FastIoWrite [F71F8448] Ntfs.sys Device \Ntfs FastIoQueryBasicInfo [F71DF48E] Ntfs.sys Device \Ntfs FastIoQueryStandardInfo [F71DDF7E] Ntfs.sys Device \Ntfs FastIoLock [F71F90F2] Ntfs.sys Device \Ntfs FastIoUnlockSingle [F71F91F8] Ntfs.sys Device \Ntfs FastIoUnlockAll [F72326AE] Ntfs.sys Device \Ntfs FastIoUnlockAllByKey [F72327F3] Ntfs.sys Device \Ntfs AcquireFileForNtCreateSection [F71D983A] Ntfs.sys Device \Ntfs ReleaseFileForNtCreateSection [F71D9881] Ntfs.sys Device \Ntfs FastIoQueryNetworkOpenInfo [F7220E1D] Ntfs.sys Device \Ntfs AcquireForModWrite [F71E5A10] Ntfs.sys Device \Ntfs MdlRead [F7220F31] Ntfs.sys Device \Ntfs PrepareMdlWrite [F72212AB] Ntfs.sys Device \Ntfs FastIoQueryOpen [F71DDDB8] Ntfs.sys Device \Ntfs AcquireForCcFlush [F71D96E2] Ntfs.sys Device \Ntfs ReleaseForCcFlush [F71D9708] Ntfs.sys AttachedDevice \Ntfs IRP_MJ_CREATE [F727F1DE] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F727F1DE] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_CLOSE [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_READ [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_WRITE [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_QUERY_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SET_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_QUERY_EA [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SET_EA [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_FLUSH_BUFFERS [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F727F454] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_DEVICE_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SHUTDOWN [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_LOCK_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_CLEANUP [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_CREATE_MAILSLOT [F727F1DE] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_QUERY_SECURITY [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SET_SECURITY [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_POWER [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SYSTEM_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_DEVICE_CHANGE [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_QUERY_QUOTA [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_SET_QUOTA [F7272F4C] fltmgr.sys AttachedDevice \Ntfs IRP_MJ_CREATE [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_CLOSE [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_READ [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_WRITE [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_QUERY_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SET_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_QUERY_EA [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SET_EA [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_FLUSH_BUFFERS [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_DEVICE_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SHUTDOWN [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_LOCK_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_CLEANUP [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_CREATE_MAILSLOT [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_QUERY_SECURITY [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SET_SECURITY [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_POWER [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SYSTEM_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_DEVICE_CHANGE [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_QUERY_QUOTA [F7ADF404] avg7rsw.sys AttachedDevice \Ntfs IRP_MJ_SET_QUOTA [F7ADF404] avg7rsw.sys Device \FatCdrom IRP_MJ_CREATE 856267A0 Device \FatCdrom IRP_MJ_CLOSE 856267A0 Device \FatCdrom IRP_MJ_READ 8563DED8 Device \FatCdrom IRP_MJ_WRITE 856267A0 Device \FatCdrom IRP_MJ_QUERY_INFORMATION 856267A0 Device \FatCdrom IRP_MJ_SET_INFORMATION 856267A0 Device \FatCdrom IRP_MJ_QUERY_EA 856267A0 Device \FatCdrom IRP_MJ_SET_EA 856267A0 Device \FatCdrom IRP_MJ_FLUSH_BUFFERS 856267A0 Device \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 856267A0 Device \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 856267A0 Device \FatCdrom IRP_MJ_DIRECTORY_CONTROL 856267A0 Device \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 856267A0 Device \FatCdrom IRP_MJ_DEVICE_CONTROL 856267A0 Device \FatCdrom IRP_MJ_SHUTDOWN 856267A0 Device \FatCdrom IRP_MJ_LOCK_CONTROL 856267A0 Device \FatCdrom IRP_MJ_CLEANUP 856267A0 Device \FatCdrom IRP_MJ_PNP 856267A0 Device \FatCdrom FastIoCheckIfPossible [F13B31F9] Fastfat.SYS Device \FatCdrom FastIoQueryBasicInfo [F13A2646] Fastfat.SYS Device \FatCdrom FastIoQueryStandardInfo [F13A2405] Fastfat.SYS Device \FatCdrom FastIoLock [F13A89F3] Fastfat.SYS Device \FatCdrom FastIoUnlockSingle [F13AB518] Fastfat.SYS Device \FatCdrom FastIoUnlockAll [F13B7929] Fastfat.SYS Device \FatCdrom FastIoUnlockAllByKey [F13B7A21] Fastfat.SYS Device \FatCdrom FastIoQueryNetworkOpenInfo [F13B328E] Fastfat.SYS Device \FatCdrom AcquireForCcFlush [F13B84A6] Fastfat.SYS Device \FatCdrom ReleaseForCcFlush [F13B851F] Fastfat.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ 855C2CE0 AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A7185A] avgtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F16375B0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 857917A0 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 857917A0 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 859BE1E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 859BE1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 857CB1E8 AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ 855C2CE0 AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A7185A] avgtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F16375B0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe Device \Driver\fwdrv \Device\FWDRV IRP_MJ_READ 855C2CE0 Device \Driver\fwdrv \Device\FWDRV IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A7185A] avgtdi.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 859511E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 857ACA10 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 85593310 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8565CD68 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 855D9738 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 859511E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 857ACA10 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 85593310 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8565CD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 85584A10 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 8559BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 8559BD68 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 859511E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 859511E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 857ACA10 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 85593310 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8565CD68 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_CREATE 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_CLOSE 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_READ 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_WRITE 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_DEVICE_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_POWER 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_SYSTEM_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000080 IRP_MJ_PNP 855FC7A0 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 857ACA10 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 85593310 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8565CD68 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8565CD68 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_CREATE 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_CLOSE 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_READ 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_WRITE 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_DEVICE_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_INTERNAL_DEVICE_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_POWER 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_SYSTEM_CONTROL 855FC7A0 Device \Driver\USBSTOR \Device\00000081 IRP_MJ_PNP 855FC7A0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 855D25C0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 855D25C0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 855D25C0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 855D25C0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 855D25C0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 855D25C0 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 855D25C0 Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8526D150 Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_CREATE [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_CREATE_NAMED_PIPE [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_CLOSE [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_READ [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_WRITE [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_QUERY_INFORMATION [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SET_INFORMATION [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_QUERY_EA [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SET_EA [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_FLUSH_BUFFERS [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_QUERY_VOLUME_INFORMATION [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SET_VOLUME_INFORMATION [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_DIRECTORY_CONTROL [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_FILE_SYSTEM_CONTROL [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_DEVICE_CONTROL [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_INTERNAL_DEVICE_CONTROL [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SHUTDOWN [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_LOCK_CONTROL [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_CLEANUP [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_CREATE_MAILSLOT [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_QUERY_SECURITY [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SET_SECURITY [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_POWER [F737C712] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SYSTEM_CONTROL [F739F2C8] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_DEVICE_CHANGE [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_QUERY_QUOTA [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_SET_QUOTA [F73A2AD2] sptd.sys Device \Driver\PCI_NTPNP1204 \Device\0000005c IRP_MJ_PNP [F73A0238] sptd.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ 855C2CE0 AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A7185A] avgtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F16375B0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ 855C2CE0 AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A7185A] avgtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F16375B0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F16374A0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 857917A0 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 857917A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 856229D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 853307A0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 853307A0 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 857CB1E8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 857CB1E8 Device \Device\LanmanRedirector IRP_MJ_CREATE 853307A0 Device \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 853307A0 Device \Device\LanmanRedirector IRP_MJ_CLOSE 853307A0 Device \Device\LanmanRedirector IRP_MJ_READ 856229D8 Device \Device\LanmanRedirector IRP_MJ_WRITE 853307A0 Device \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 853307A0 Device \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 853307A0 Device \Device\LanmanRedirector IRP_MJ_QUERY_EA 853307A0 Device \Device\LanmanRedirector IRP_MJ_SET_EA 853307A0 Device \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 853307A0 Device \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 853307A0 Device \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 853307A0 Device \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_SHUTDOWN 853307A0 Device \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_CLEANUP 853307A0 Device \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 853307A0 Device \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 853307A0 Device \Device\LanmanRedirector IRP_MJ_SET_SECURITY 853307A0 Device \Device\LanmanRedirector IRP_MJ_POWER 853307A0 Device \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 853307A0 Device \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 853307A0 Device \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 853307A0 Device \Device\LanmanRedirector IRP_MJ_SET_QUOTA 853307A0 Device \Device\LanmanRedirector IRP_MJ_PNP 853307A0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 855C7E98 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 859511E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 859511E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 855C61E8 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_CREATE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_CLOSE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_READ 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_WRITE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SET_EA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85298320 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_POWER 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01Port3Path0Target0Lun0 IRP_MJ_PNP 8564A008 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 8594F1E8 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 8594F1E8 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CREATE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CREATE_NAMED_PIPE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CLOSE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_READ 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_WRITE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_EA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_EA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_FLUSH_BUFFERS 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_VOLUME_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_VOLUME_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_DIRECTORY_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_FILE_SYSTEM_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_DEVICE_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_INTERNAL_DEVICE_CONTROL 8555C5A0 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SHUTDOWN 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_LOCK_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CLEANUP 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CREATE_MAILSLOT 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_SECURITY 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_SECURITY 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_POWER 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SYSTEM_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_DEVICE_CHANGE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_QUOTA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_QUOTA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_PNP 85583F00 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_CREATE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_CREATE_NAMED_PIPE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_CLOSE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_READ 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_WRITE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_QUERY_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SET_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_QUERY_EA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SET_EA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_FLUSH_BUFFERS 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_QUERY_VOLUME_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SET_VOLUME_INFORMATION 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_DIRECTORY_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_FILE_SYSTEM_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_DEVICE_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_INTERNAL_DEVICE_CONTROL 85298320 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SHUTDOWN 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_LOCK_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_CLEANUP 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_CREATE_MAILSLOT 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_QUERY_SECURITY 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SET_SECURITY 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_POWER 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SYSTEM_CONTROL 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_DEVICE_CHANGE 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_QUERY_QUOTA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_SET_QUOTA 8564A008 Device \Driver\a2nof4t0 \Device\Scsi\a2nof4t01 IRP_MJ_PNP 8564A008 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_CREATE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_CREATE_NAMED_PIPE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_CLOSE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_READ 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_WRITE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_QUERY_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SET_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_QUERY_EA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SET_EA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_FLUSH_BUFFERS 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SET_VOLUME_INFORMATION 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_DIRECTORY_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_DEVICE_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8555C5A0 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SHUTDOWN 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_LOCK_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_CLEANUP 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_CREATE_MAILSLOT 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_QUERY_SECURITY 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SET_SECURITY 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_POWER 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SYSTEM_CONTROL 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_DEVICE_CHANGE 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_QUERY_QUOTA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_SET_QUOTA 85583F00 Device \Driver\uscsc109 \Device\Scsi\uscsc1091Port2Path0Target4Lun0 IRP_MJ_PNP 85583F00 Device \Fat IRP_MJ_CREATE 856267A0 Device \Fat IRP_MJ_CLOSE 856267A0 Device \Fat IRP_MJ_READ 8563DED8 Device \Fat IRP_MJ_WRITE 856267A0 Device \Fat IRP_MJ_QUERY_INFORMATION 856267A0 Device \Fat IRP_MJ_SET_INFORMATION 856267A0 Device \Fat IRP_MJ_QUERY_EA 856267A0 Device \Fat IRP_MJ_SET_EA 856267A0 Device \Fat IRP_MJ_FLUSH_BUFFERS 856267A0 Device \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 856267A0 Device \Fat IRP_MJ_SET_VOLUME_INFORMATION 856267A0 Device \Fat IRP_MJ_DIRECTORY_CONTROL 856267A0 Device \Fat IRP_MJ_FILE_SYSTEM_CONTROL 856267A0 Device \Fat IRP_MJ_DEVICE_CONTROL 856267A0 Device \Fat IRP_MJ_SHUTDOWN 856267A0 Device \Fat IRP_MJ_LOCK_CONTROL 856267A0 Device \Fat IRP_MJ_CLEANUP 856267A0 Device \Fat IRP_MJ_PNP 856267A0 Device \Fat FastIoCheckIfPossible [F13B31F9] Fastfat.SYS Device \Fat FastIoQueryBasicInfo [F13A2646] Fastfat.SYS Device \Fat FastIoQueryStandardInfo [F13A2405] Fastfat.SYS Device \Fat FastIoLock [F13A89F3] Fastfat.SYS Device \Fat FastIoUnlockSingle [F13AB518] Fastfat.SYS Device \Fat FastIoUnlockAll [F13B7929] Fastfat.SYS Device \Fat FastIoUnlockAllByKey [F13B7A21] Fastfat.SYS Device \Fat FastIoQueryNetworkOpenInfo [F13B328E] Fastfat.SYS Device \Fat AcquireForCcFlush [F13B84A6] Fastfat.SYS Device \Fat ReleaseForCcFlush [F13B851F] Fastfat.SYS AttachedDevice \Fat IRP_MJ_CREATE [F727F1DE] fltmgr.sys AttachedDevice \Fat IRP_MJ_CREATE_NAMED_PIPE [F727F1DE] fltmgr.sys AttachedDevice \Fat IRP_MJ_CLOSE [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_READ [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_WRITE [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_QUERY_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SET_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_QUERY_EA [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SET_EA [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_FLUSH_BUFFERS [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_DIRECTORY_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F727F454] fltmgr.sys AttachedDevice \Fat IRP_MJ_DEVICE_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SHUTDOWN [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_LOCK_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_CLEANUP [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_CREATE_MAILSLOT [F727F1DE] fltmgr.sys AttachedDevice \Fat IRP_MJ_QUERY_SECURITY [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SET_SECURITY [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_POWER [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SYSTEM_CONTROL [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_DEVICE_CHANGE [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_QUERY_QUOTA [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_SET_QUOTA [F7272F4C] fltmgr.sys AttachedDevice \Fat IRP_MJ_CREATE [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_CREATE_NAMED_PIPE [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_CLOSE [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_READ [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_WRITE [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_QUERY_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SET_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_QUERY_EA [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SET_EA [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_FLUSH_BUFFERS [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_DIRECTORY_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_DEVICE_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SHUTDOWN [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_LOCK_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_CLEANUP [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_CREATE_MAILSLOT [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_QUERY_SECURITY [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SET_SECURITY [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_POWER [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SYSTEM_CONTROL [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_DEVICE_CHANGE [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_QUERY_QUOTA [F7ADF404] avg7rsw.sys AttachedDevice \Fat IRP_MJ_SET_QUOTA [F7ADF404] avg7rsw.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 85669428 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 85669428 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 85669428 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 85669428 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 85669428 Device \Cdfs IRP_MJ_CREATE 856A41E8 Device \Cdfs IRP_MJ_CLOSE 856A41E8 Device \Cdfs IRP_MJ_READ 8561E618 Device \Cdfs IRP_MJ_QUERY_INFORMATION 856A41E8 Device \Cdfs IRP_MJ_SET_INFORMATION 856A41E8 Device \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 856A41E8 Device \Cdfs IRP_MJ_DIRECTORY_CONTROL 856A41E8 Device \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 856A41E8 Device \Cdfs IRP_MJ_DEVICE_CONTROL 856A41E8 Device \Cdfs IRP_MJ_SHUTDOWN 856A41E8 Device \Cdfs IRP_MJ_LOCK_CONTROL 856A41E8 Device \Cdfs IRP_MJ_CLEANUP 856A41E8 Device \Cdfs IRP_MJ_PNP 856A41E8 Device \Cdfs FastIoCheckIfPossible [F6BE1BCE] Cdfs.SYS Device \Cdfs FastIoQueryBasicInfo [F6BE640D] Cdfs.SYS Device \Cdfs FastIoQueryStandardInfo [F6BE64F1] Cdfs.SYS Device \Cdfs FastIoLock [F6BE7EE7] Cdfs.SYS Device \Cdfs FastIoUnlockSingle [F6BE8059] Cdfs.SYS Device \Cdfs FastIoUnlockAll [F6BE81E0] Cdfs.SYS Device \Cdfs FastIoUnlockAllByKey [F6BE8341] Cdfs.SYS Device \Cdfs AcquireFileForNtCreateSection [F6BE9E7A] Cdfs.SYS Device \Cdfs ReleaseFileForNtCreateSection [F6BE9EAD] Cdfs.SYS Device \Cdfs FastIoQueryNetworkOpenInfo [F6BE65DB] Cdfs.SYS ---- Modules - GMER 1.0.13 ---- Module _________ F728F000-F72A7000 (98304 bytes) ---- Registry - GMER 1.0.13 ---- Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 900C05901F6279536887F92A5CB20A55A37786B00C8E20DF508C81DCC27B5A7C920B1B3243469BBD0910847A114B9D0008E8EF4FCDD8D538257A5D35E91E2B5D86B4B344A928F851959BAF66EFF0E66D71DEA11FE2FB060FB9FB76E4D70ACE3AA5FA978F1A4FDDCE6DAD924EF5CB0D49020B1E389CA2D51518185D5ED288076F7DD481FEF047475A42CD36B7B4C86C9F32A95BD9E3B79E619D569339B628C93CF03DA3A29DDDE87D9C07964CD11815E24EF4C26530ECE96CFA471231713B3F42B4339F2FA528A722556A2456842EC767F4AD32E011B8FA173479C02308D8C68A53380FFBA07C9F9B9C0A45C91C41FEE61A197BF529534523A184811412D9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A9C6AECB7A5D1407A9C6AECB7A5D1407EE62F676788FBC3595020D4D2D117036F80116AD06FC2DC863346981C9E1ABAEEE5C2DAAF0009617E2F9D6637966BB9BEBAE87B5781F1036A03030859066FB4F544D12A52A767E62BCFAFD79FCE31AA4667E72B072831CCB79168211CEEAA554CCC410C12DF60FE64EA0D1BCCFE41BC22F342CBF3701F4BCF3F15A52125F7ECF3E3A6762F926F53AF867F7E0FC68612B47F55E82FE8DD2014BB4857EE052F61CBF052C6A01CE76B6D133E91B8490A4D7DCD Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 914078700DAF97955512A313171C9BFACF056CEE96D4FB1D829FA556AB2EABCCD400EA11AD20BE5C4DBDFACDC9766192125CE12BEC87B142C0CEEB4E057ED5650E8BF108073A77C94129708CCF31FAD2F196733C51F21547A0DC49710DACAB2E1AEC8FF15E4781BEAB890ADF1D11BB5E26B2CAC004F5B1AE37ADAC11F0CE0A2D099298F170B72F62B875A0D919FB8D1B198FE75C398F24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452A2D97226D213B5555C06C244A305B0A1879FCABC5FCB12CA46CF29B04615FB7FFE892109F2776890077796E2405D2A57E6463F720FB0E34626B5E7BB1B579451A77A401EE27EB1919AFBC62D9EB9D3D1F84D34D2C4ED6D5795897D50248D1785B976EE0005A4EA4E55F843F2E5396D723C555FD43CF08810F3CC8DA84D12178716F9D64E98D27E27B987DEDA46EFD92DF237DDC3B319319BE6329BD60A344AD56233057D5E647C8D0DF452DE7265A10B27F9313EF13D093756A1903CCB3689028809ED571DA6188ADAC4B6CCA117EFA6A160BC373BA65434ED363C918D4BD332B39267789D5D26B7EF2A8CC40D7396B2F1D9CA74DC91FC771E3FCE634B204A21551EAB51ADBF23465F8F38BE736087716B0E051227AE8EF89A41DC1004D1B31DA Reg \Registry\USER\S-1-5-21-1482476501-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Qbxhzragr haq Rvafgryyhatra\npr\Qrfxgbc\gbbyf\BB.PyrirePnpur.Cebsrffvbany.Rqvgvba.i6.1.2332.Trezna.JvaNYY.Vapy.Xrltra-IvEvYvGL\BB.PyrirePnpur.Cebsrffvbany.Rqvgvba.i6.1.2332.Trezna.JvaNYY.Vapy.Xrltra-IvEvYvGL\BBPyrirePnpur61CebsrffvbanyTre.rkr 0x09 0x03 0x00 0x00 ... ---- EOF - GMER 1.0.13 ---- Trend Micro: +---------------------------------------------------- | Trend Micro RootkitBuster 1.6 Beta. | Module version: 1.6.0.1052 +---------------------------------------------------- --== Dump Hidden File on F:\ ==-- No hidden files found. --== Dump Hidden Registry Value on HKLM ==-- No hidden registry entries found. --== Dump Hidden Process ==-- No hidden processes found. --== Dump Hidden Driver ==-- No hidden drivers found. Catchme: catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-27 00:43:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:fd81d653 "s2"=dword:637e5eec "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:74,85,c1,63,de,60,4f,f9,a2,44,b1,e7,ed,c4,cf,e0,55,08,f7,2e,cd,.. "p0"="F:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:b8,e5,16,cb,52,87,84,1b,88,a0,66,7e,b5,73,3f,4d,95,58,6d,45,25,.. "a0"=hex:20,01,00,00,93,05,71,98,38,a5,65,d2,4f,18,f0,e6,a5,a8,84,9f,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:62,46,7d,b5,0f,be,d8,d9,e1,50,7d,28,3a,85,48,60,06,b8,1f,54,57,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:40,e7,31,15,83,1a,de,46,23,b5,ac,39,ee,3f,92,05,dd,09,f1,2f,34,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:6e,fc,27,e8,aa,ed,ba,6a,31,c4,55,09,37,a1,ea,ca,03,2d,20,0f,1c,.. "p0"="F:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,8f,3e,c3,29,74,8a,f0,29,e3,61,78,f6,f1,e2,cc,35,d1,.. "khjeh"=hex:27,6e,95,0b,3e,fd,b9,48,11,98,91,05,9f,a2,02,6c,aa,f1,40,c1,7a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6d,a4,94,5a,bc,d4,83,a0,6d,04,2b,5a,f5,0a,b9,39,75,10,b9,14,1c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:6e,fc,27,e8,aa,ed,ba,6a,31,c4,55,09,37,a1,ea,ca,03,2d,20,0f,1c,.. "p0"="F:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,8f,3e,c3,29,74,8a,f0,29,e3,61,78,f6,f1,e2,cc,35,d1,.. "khjeh"=hex:27,6e,95,0b,3e,fd,b9,48,11,98,91,05,9f,a2,02,6c,aa,f1,40,c1,7a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6d,a4,94,5a,bc,d4,83,a0,6d,04,2b,5a,f5,0a,b9,39,75,10,b9,14,1c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:6e,fc,27,e8,aa,ed,ba,6a,31,c4,55,09,37,a1,ea,ca,03,2d,20,0f,1c,.. "p0"="F:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,8f,3e,c3,29,74,8a,f0,29,e3,61,78,f6,f1,e2,cc,35,d1,.. "khjeh"=hex:27,6e,95,0b,3e,fd,b9,48,11,98,91,05,9f,a2,02,6c,aa,f1,40,c1,7a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6d,a4,94,5a,bc,d4,83,a0,6d,04,2b,5a,f5,0a,b9,39,75,10,b9,14,1c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:74,85,c1,63,de,60,4f,f9,a2,44,b1,e7,ed,c4,cf,e0,55,08,f7,2e,cd,.. "p0"="F:\Programme\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:b8,e5,16,cb,52,87,84,1b,88,a0,66,7e,b5,73,3f,4d,95,58,6d,45,25,.. "a0"=hex:20,01,00,00,93,05,71,98,38,a5,65,d2,4f,18,f0,e6,a5,a8,84,9f,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:62,46,7d,b5,0f,be,d8,d9,e1,50,7d,28,3a,85,48,60,06,b8,1f,54,57,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:40,e7,31,15,83,1a,de,46,23,b5,ac,39,ee,3f,92,05,dd,09,f1,2f,34,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System] "OODEFRAG08.00.00.01WORKSTATION"="900C05901F6279536887F92A5CB20A55A37786B00C8E20DF508C81DCC27B5A7C920B1B3243469BBD0910847A114B9D0008E8EF4FCDD8D538257A5D35E91E2B5D86B4B344A928F851959BAF66EFF0E66D71DEA11FE2FB060FB9FB76E4D70ACE3AA5FA978F1A4FDDCE6DAD924EF5CB0D49020B1E389CA2D51518185D5ED288076F7DD481FEF047475A42CD36B7B4C86C9F32A95BD9E3B79E619D569339B628C93CF03DA3A29DDDE87D9C07964CD11815E24EF4C26530ECE96CFA471231713B3F42B4339F2FA528A722556A2456842EC767F4AD32E011B8FA173479C02308D8C68A53380FFBA07C9F9B9C0A45C91C41FEE61A197BF529534523A184811412D9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A9C6AECB7A5D1407A9C6AECB7A5D1407EE62F676788FBC3595020D4D2D117036F80116AD06FC2DC863346981C9E1ABAEEE5C2DAAF0009617E2F9D6637966BB9BEBAE87B5781F1036A03030859066FB4F544D12A52A767E62BCFAFD79FCE31AA4667E72B072831CCB79168211CEEAA554CCC410C12DF60FE64EA0D1BCCFE41BC22F342CBF3701F4BCF3F15A52125F7ECF3E3A6762F926F53AF867F7E0FC68612B47F55E82FE8DD2014BB4857EE052F61CBF052C6A01CE76B6D133E91B8490A4D7DCD10722F6450354EE32294D34798F539B6446C2285EE5F7A048F324D7252F0A5735F8473DE8E4340023B9F879ADDCD552F7F0D74B672F5F61D336BA5E1061404F73582167DBEC6456A3034110EB88C89847BB1CB69DCF1345E2A61FF261ADC113C49FE2FB26A3EDFAB424EA4FD5CF94D23A8B81AC5D5AFBB1E60D18E54B9C9924C31CC378F224982D3B8EBD7EAE84E31F9E9603632476463F38866F78A4481537F1F07C4C9320765FFD8B845BDF8AA8CBA4E81C85145CE2381004F1E2E9DF4637AF924C5C7A5C59382B330F96775D155DE3E3CC30715B881F8D49F050B7A884BFC6CA787FC0AFD712D075B1D4A488A20BD43A1B7627D530A7327143DE51F6E8246038430221064E7BE59543B03DAD8D3FD4F28FDCC242963BE4E6C2229F38D1E98ECC7B237DE15CB7C0A91FB5BA82559AA5EAB55E76A93BF46FEBCBA12CE9E048424CEC195756633C9F1CA565B9CF3DF0EB529E6A992C66278294C057A4A17D2FD4536B0AD88A8BB3A1AC3B3579724FC831ABE05F23F91F542DC908B2DD8450BE01CD4D124B3CBF7CCA6DC58D61DCD7DEE2CE9296B35B33B6E7480A974E50C84EE57DEDC2213BAFAA05C5324BF893E4A05369D0D90B2933B90DA1345B905119E586782B1F6CEA4E041C706FBF6D30CC34B6783DE490D174FDD9B8F84A62EB36C24B29E71E66C5D18140FB71B08F60A6EFA7D17B6BCD5991597248CEA2A8195BD6FE" "OOCC06.00.00.01WSSV"="914078700DAF97955512A313171C9BFACF056CEE96D4FB1D829FA556AB2EABCCD400EA11AD20BE5C4DBDFACDC9766192125CE12BEC87B142C0CEEB4E057ED5650E8BF108073A77C94129708CCF31FAD2F196733C51F21547A0DC49710DACAB2E1AEC8FF15E4781BEAB890ADF1D11BB5E26B2CAC004F5B1AE37ADAC11F0CE0A2D099298F170B72F62B875A0D919FB8D1B198FE75C398F24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452A2D97226D213B5555C06C244A305B0A1879FCABC5FCB12CA46CF29B04615FB7FFE892109F2776890077796E2405D2A57E6463F720FB0E34626B5E7BB1B579451A77A401EE27EB1919AFBC62D9EB9D3D1F84D34D2C4ED6D5795897D50248D1785B976EE0005A4EA4E55F843F2E5396D723C555FD43CF08810F3CC8DA84D12178716F9D64E98D27E27B987DEDA46EFD92DF237DDC3B319319BE6329BD60A344AD56233057D5E647C8D0DF452DE7265A10B27F9313EF13D093756A1903CCB3689028809ED571DA6188ADAC4B6CCA117EFA6A160BC373BA65434ED363C918D4BD332B39267789D5D26B7EF2A8CC40D7396B2F1D9CA74DC91FC771E3FCE634B204A21551EAB51ADBF23465F8F38BE736087716B0E051227AE8EF89A41DC1004D1B31DA42AD8A71EF82E777F1300049934DABB2557FDFD6DA23BC7DBF2E0CCBEF1F88818EB7112C5270924E9858FB1C23B4DFD7AC3287B068856051FBF38A0040829D96FCB5CFE7E5E9B377C6CF5BA3D353EB70B17DD214D6B5AE5624723E6DE8C741B2A67633025A5EF30D982A7E2D5D7B2FE3946D9D8A3CCE2B36ADD4850E0EE32E90D0E35B79BF6B5A0E7B37BC6DDC9D07A2CFD3EE3EB22B24AC00AB1601E0F5CF8A2C564804842BFB2D0A1AB51AEA666E64F1A8E520E532D9DB087CA6FB0458F0FB744E747936A049F0323D9C5A100E015D12F330CF5BF5A30C9C6652733DA8F86DC78981BEA469EB6314108B915D856E8A703784B9236691D61E9B809C78C41CBE783B662C1214E5C50389D966C29FCD906118EA0587C2A108F49DBE8928E2D64F0B662D48C3975061B7A669B8DDDB2F5E8068A6CBDCB91CC2FF04E6EBD058363569D2480C4C21BC18F2E9158E3D476DB90C5E3E640D13826609FEE15728B15F43874E4C4E8E36AAC70ACB2B3DC65EBC0FEE5F79A5E2E5B86094806AB642F58577CA974D779B8B17A4203C1E76C54DAEB7B3286669BF5DC6B50143BD7C77166DBCCE30441FC4E647251F1988189DFAF3B1228B57D80B23F6622DD9C9055497DE8157A2B5EFD291AF02BF077642D37F99D107A0BE497622D9B2F341BA147217F7986FAE2DF08410CE2A0A803C3D7FE6D970B90F3F87174F344EADB8BAA61D5F29B97" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0