Unwanted ads from filost under IE (Ewido + HijackThis)


tortiere


The folders mentioned, SNDMon, spysweeper and ewido have all been deleted.

The svchost + 2 x wuauclt symptom, which in fact lasts nearly 1 minute, is still present.

Below I have pulled an extract of the process tree from the "Process Explorer" tool at the time of the problem:

 

=====================

Process Explorer

=====================

 

 

Process PID CPU Description Company Name

System Idle Process 0

Interrupts n/a Hardware Interrupts

DPCs n/a 1.00 Deferred Procedure Calls

System 4

smss.exe 840 Windows NT Session Manager Microsoft Corporation

csrss.exe 912 Client Server Runtime Process Microsoft Corporation

winlogon.exe 936 Application d'ouverture de session Windows NT Microsoft Corporation

services.exe 980 Applications Services et Contrôleur Microsoft Corporation

ati2evxx.exe 1144

svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation

naPrdMgr.exe 1696 NAI Product Manager Network Associates, Inc.

wmiprvse.exe 3172 WMI Microsoft Corporation

svchost.exe 1224 99.00 Generic Host Process for Win32 Services Microsoft Corporation <=== the culprits !!!

wuauclt.exe 3120 Mises à jour automatiques Microsoft Corporation <=== the culprits !!!

wuauclt.exe 3244 Mises à jour automatiques Microsoft Corporation <=== the culprits !!!

svchost.exe 1480 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1516 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1804 Spooler SubSystem App Microsoft Corporation

alg.exe 1904 Application Layer Gateway Service Microsoft Corporation

svchost.exe 180 Generic Host Process for Win32 Services Microsoft Corporation

kpf4ss.exe 288 Sunbelt Kerio Firewall Service Sunbelt Software

kpf4gui.exe 1372 Sunbelt Kerio Firewall GUI Sunbelt Software

kpf4gui.exe 2876 Sunbelt Kerio Firewall GUI Sunbelt Software

FrameworkService.exe 464 Framework Service Network Associates, Inc.

Mcshield.exe 724 On-Access Scanner service Network Associates, Inc.

VsTskMgr.exe 892 Task Manager : scheduling and OAS alerting service Network Associates, Inc.

svchost.exe 1364 Generic Host Process for Win32 Services Microsoft Corporation

CALMAIN.exe 1712 Canon Camera Access Library 8 Canon Inc.

lsass.exe 992 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1972

explorer.exe 144 Explorateur Windows Microsoft Corporation

Apoint.exe 496 Alps Pointing-device Driver Alps Electric Co., Ltd.

atiptaxx.exe 520 ATI Desktop Control Panel ATI Technologies, Inc.

Hcontrol.exe 528 HControl

ATKOSD.exe 772 ATKOSD

ezSP_Px.exe 544 ezSP_Px MFC Application Easy Systems Japan Ltd.

ico.exe 552 Mouse Suite 98 Daemon Primax Electronics Ltd.

rundll32.exe 568 Exécuter une DLL en tant qu'application Microsoft Corporation

HKServ.exe 576 Sony Corporation

HKWnd.exe 788 Sony Corporation

SPMgr.exe 596 SPM Module Sony Corporation

ISBMgr.exe 624 Sony Corporation

Switcher.exe 632 Wireless Switch Setting Utility Sony Corporation

DragDrop.exe 676 Drag'n Drop CD+DVD

realsched.exe 808 RealNetworks Scheduler RealNetworks, Inc.

VAIOUpdt.exe 820 Sony Corporation

shstat.exe 884 On-access scanner statistics Network Associates, Inc.

UpdaterUI.exe 108 Common User Interface Network Associates, Inc.

TBMon.exe 956 TalkBack Monitor Network Associates, Inc.

msmsgs.exe 1164 Messenger Microsoft Corporation

mnyexpr.exe 1192 Microsoft Money Express Microsoft Corp.

acrotray.exe 1304 AcroTray Adobe Systems Inc.

procexp.exe 1408 Sysinternals Process Explorer Sysinternals

BlueSpaceNE.exe 1600 BlueSpace NE Sony Corporation

ApntEx.exe 748 Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.

EM_EXEC.EXE 876 Logitech Events Handler Application Logitech Inc.

 

======================

HiJackThis report

======================

 

Logfile of HijackThis v1.99.1

Scan saved at 19:40:18, on 16/09/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ATK0100\Hcontrol.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\ICO.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\sony\vaio power management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Bureautique\Multimedia\MicroInformatique\Tools\ProcessExplorer\ProcessExplorerNt\procexp.exe

C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Bureautique\Multimedia\MicroInformatique\Tools\HiJackThis\Sanner.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\sony\vaio power management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"

O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" /StartUp

O4 - HKLM\..\Run: [VPS] C:\Program Files\sony\ProductSurvey\VPS.exe /SCHEDULER

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

 

 

=======================

 

 

The 2 wuauclt processes correspond to Microsoft programs... odd, and these slowdowns are really annoying.

Apparently, I am not the only one running into this kind of svchost symptom, according to other posts on Zebulon.

 

:P


Just to make sure of something.

Download gmer: http://www.gmer.net/gmer.zip

Disconnect from the internet if possible and close all programs.

Unzip the file and double-click gmer.exe

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the "rootkit" tab and click Scan

When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste

The report should then appear.

Save the file to your desktop and copy/paste its contents here.


Here is the GMER report...

 

GMER 1.0.11.11349 - http://www.gmer.net

Rootkit 2006-09-17 12:18:12

Windows 5.1.2600 Service Pack 1

 

 

---- System - GMER 1.0.11 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx

SSDT 814AF109 ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

 

---- Files - GMER 1.0.11 ----

 

ADS ...

 

---- EOF - GMER 1.0.11 ----

 

 

Apparently, fwdrv.sys is related to Kerio according to my searches on the Net... here are its properties:

C:\windows\system32\drivers\fwdrv.sys 278 KB, system file, created on 18/07/2006

C:\windows\system32\drivers\fwdrv.err 1 KB, ERR file, created on 13/09/2006

See you soon :P


Following your remark, I reran GMER, this time ticking the "show all" box, which is unticked by default in the rootkit tab. That changes everything as far as the report goes...

The scan ends with the following message:

Gmer has found system modification caused by rootkit activity

That's all I needed!

The GMER report is rather long (I'll try to give it to you in full over several posts to follow...)

All the lines with no information in the name column are in red in the on-screen report, as are the first lines about fwdrv.sys.

In the copy, they are apparently all recorded as rootkit. Still, it's odd that all of that would be rootkit, isn't it? All the more so since fwdrv.exe seems to be used by Kerio.

Well, I'll see what you make of it and whether this really is linked to the 100% svchost + wuauclt activity I observed.

See you soon

 

GMER 1.0.11.11349 - http://www.gmer.net

Rootkit 2006-09-17 21:13:28

Windows 5.1.2600 Service Pack 1

 

 

---- System - GMER 1.0.11 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!

SSDT 81507109 ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!

 


 

SYSENTER \WINDOWS\system32\ntoskrnl.exe 8052D480

 

---- Devices - GMER 1.0.11 ----

 


Edited by tortiere


That's what I'm trying to do, but although my copy/pastes into the post's input window are accepted, with a message-length check to back that up, they end up truncated after I send my reply.

I'm struggling a bit, but anyway, I'll try to give you a complete report... :P


I'm starting over...

=== 1st cut...

 

 

GMER 1.0.11.11349 - http://www.gmer.net

Rootkit 2006-09-17 21:13:28

Windows 5.1.2600 Service Pack 1

 

 

---- System - GMER 1.0.11 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!

SSDT 81507109 ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!

 


INT 0x73 \WINDOWS\system32\ntoskrnl.exe 8052CE2E

INT 0x74 \WINDOWS\system32\ntoskrnl.exe 8052CE38

INT 0x75 \WINDOWS\system32\ntoskrnl.exe 8052CE42

INT 0x76 \WINDOWS\system32\ntoskrnl.exe 8052CE4C

INT 0x77 \WINDOWS\system32\ntoskrnl.exe 8052CE56

INT 0x78 \WINDOWS\system32\ntoskrnl.exe 8052CE60

INT 0x79 \WINDOWS\system32\ntoskrnl.exe 8052CE6A

INT 0x7A \WINDOWS\system32\ntoskrnl.exe 8052CE74

INT 0x7B \WINDOWS\system32\ntoskrnl.exe 8052CE7E

INT 0x7C \WINDOWS\system32\ntoskrnl.exe 8052CE88

INT 0x7D \WINDOWS\system32\ntoskrnl.exe 8052CE92

INT 0x7E \WINDOWS\system32\ntoskrnl.exe 8052CE9C

INT 0x7F \WINDOWS\system32\ntoskrnl.exe 8052CEA6

INT 0x80 \WINDOWS\system32\ntoskrnl.exe 8052CEB0

INT 0x81 \WINDOWS\system32\ntoskrnl.exe 8052CEBA

INT 0x82 \WINDOWS\system32\ntoskrnl.exe 8052CEC4

INT 0x83 \WINDOWS\system32\ntoskrnl.exe 8052CECE

INT 0x84 \WINDOWS\system32\ntoskrnl.exe 8052CED8

INT 0x85 \WINDOWS\system32\ntoskrnl.exe 8052CEE2

INT 0x86 \WINDOWS\system32\ntoskrnl.exe 8052CEEC

INT 0x87 \WINDOWS\system32\ntoskrnl.exe 8052CEF6

INT 0x88 \WINDOWS\system32\ntoskrnl.exe 8052CF00

INT 0x89 \WINDOWS\system32\ntoskrnl.exe 8052CF0A

INT 0x8A \WINDOWS\system32\ntoskrnl.exe 8052CF14

INT 0x8B \WINDOWS\system32\ntoskrnl.exe 8052CF1E

INT 0x8C \WINDOWS\system32\ntoskrnl.exe 8052CF28

INT 0x8D \WINDOWS\system32\ntoskrnl.exe 8052CF32

INT 0x8E \WINDOWS\system32\ntoskrnl.exe 8052CF3C

INT 0x8F \WINDOWS\system32\ntoskrnl.exe 8052CF46

INT 0x90 \WINDOWS\system32\ntoskrnl.exe 8052CF50

INT 0x91 \WINDOWS\system32\ntoskrnl.exe 8052CF5A

INT 0x92 \WINDOWS\system32\ntoskrnl.exe 8052CF64

INT 0x93 \WINDOWS\system32\ntoskrnl.exe 8052CF6E

INT 0x94 \WINDOWS\system32\ntoskrnl.exe 8052CF78

INT 0x95 \WINDOWS\system32\ntoskrnl.exe 8052CF82

INT 0x96 \WINDOWS\system32\ntoskrnl.exe 8052CF8C

INT 0x97 \WINDOWS\system32\ntoskrnl.exe 8052CF96

INT 0x98 \WINDOWS\system32\ntoskrnl.exe 8052CFA0

INT 0x99 \WINDOWS\system32\ntoskrnl.exe 8052CFAA

INT 0x9A \WINDOWS\system32\ntoskrnl.exe 8052CFB4

INT 0x9B \WINDOWS\system32\ntoskrnl.exe 8052CFBE

INT 0x9C \WINDOWS\system32\ntoskrnl.exe 8052CFC8

INT 0x9D \WINDOWS\system32\ntoskrnl.exe 8052CFD2

INT 0x9E \WINDOWS\system32\ntoskrnl.exe 8052CFDC

INT 0x9F \WINDOWS\system32\ntoskrnl.exe 8052CFE6

INT 0xA0 \WINDOWS\system32\ntoskrnl.exe 8052CFF0

INT 0xA1 \WINDOWS\system32\ntoskrnl.exe 8052CFFA

INT 0xA2 \WINDOWS\system32\ntoskrnl.exe 8052D004

INT 0xA3 \WINDOWS\system32\ntoskrnl.exe 8052D00E

INT 0xA4 \WINDOWS\system32\ntoskrnl.exe 8052D018

INT 0xA5 \WINDOWS\system32\ntoskrnl.exe 8052D022

INT 0xA6 \WINDOWS\system32\ntoskrnl.exe 8052D02C

INT 0xA7 \WINDOWS\system32\ntoskrnl.exe 8052D036

INT 0xA8 \WINDOWS\system32\ntoskrnl.exe 8052D040

INT 0xA9 \WINDOWS\system32\ntoskrnl.exe 8052D04A

INT 0xAA \WINDOWS\system32\ntoskrnl.exe 8052D054

INT 0xAB \WINDOWS\system32\ntoskrnl.exe 8052D05E

INT 0xAC \WINDOWS\system32\ntoskrnl.exe 8052D068

INT 0xAD \WINDOWS\system32\ntoskrnl.exe 8052D072

INT 0xAE \WINDOWS\system32\ntoskrnl.exe 8052D07C

INT 0xAF \WINDOWS\system32\ntoskrnl.exe 8052D086

INT 0xB0 \WINDOWS\system32\ntoskrnl.exe 8052D090

INT 0xB1 \WINDOWS\system32\ntoskrnl.exe 8052D09A

INT 0xB2 \WINDOWS\system32\ntoskrnl.exe 8052D0A4

INT 0xB3 \WINDOWS\system32\ntoskrnl.exe 8052D0AE

INT 0xB4 \WINDOWS\system32\ntoskrnl.exe 8052D0B8

INT 0xB5 \WINDOWS\system32\ntoskrnl.exe 8052D0C2

INT 0xB6 \WINDOWS\system32\ntoskrnl.exe 8052D0CC

INT 0xB7 \WINDOWS\system32\ntoskrnl.exe 8052D0D6

INT 0xB8 \WINDOWS\system32\ntoskrnl.exe 8052D0E0

INT 0xB9 \WINDOWS\system32\ntoskrnl.exe 8052D0EA

INT 0xBA \WINDOWS\system32\ntoskrnl.exe 8052D0F4

INT 0xBB \WINDOWS\system32\ntoskrnl.exe 8052D0FE

INT 0xBC \WINDOWS\system32\ntoskrnl.exe 8052D108

INT 0xBD \WINDOWS\system32\ntoskrnl.exe 8052D112

INT 0xBE \WINDOWS\system32\ntoskrnl.exe 8052D11C

INT 0xBF \WINDOWS\system32\ntoskrnl.exe 8052D126

INT 0xC0 \WINDOWS\system32\ntoskrnl.exe 8052D130

INT 0xC1 \WINDOWS\system32\ntoskrnl.exe 8052D13A

INT 0xC2 \WINDOWS\system32\ntoskrnl.exe 8052D144

INT 0xC3 \WINDOWS\system32\ntoskrnl.exe 8052D14E

INT 0xC4 \WINDOWS\system32\ntoskrnl.exe 8052D158

INT 0xC5 \WINDOWS\system32\ntoskrnl.exe 8052D162

INT 0xC6 \WINDOWS\system32\ntoskrnl.exe 8052D16C

INT 0xC7 \WINDOWS\system32\ntoskrnl.exe 8052D176

INT 0xC8 \WINDOWS\system32\ntoskrnl.exe 8052D180
