www.MegaLab.it

da **superipper** » sab feb 10, 2007 1:02 pm

Ciao a tutti sono nuovo qui,
da un paioi di giorni ho moltissimi problemi con un virus che ho beccato, non mi fa partire all'avvio AVG e neanche INCREDIMAIL non so cosa fare.
Eccovi il log di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11.39.42, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\InterVideo\WinDVR\WinScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Screenshot Utility\ScreenshotUtility.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ema The Voice\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freeforumzone.leonardo.it/viewforum.aspx?f=12780
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122006 serial=DR12WES-3007622-EUW lang=IT
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Screenshot Utility.lnk = C:\Programmi\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programmi\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B95D902B-1E7B-4FCE-A965-BDF6C8278DB6}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

----------------------

Vi ringrazio in anticipo

da **Amantide** » sab feb 10, 2007 1:38 pm

Ciao e benvenuto [:)]

Scarica Gmer, vai su tab Rootkit, spunta la vose Show all e clicca su Scan. A scansione terminata clicca su Copy ed incolla il risultato sul blocco note o direttamente qui. Ripeti l'operazione anche per Autostart.

Una mezza idea ce l'avrei, però prima vorrei vedere i log di Gmer. [;)]

da **superipper** » sab feb 10, 2007 2:16 pm

ti posto il rookit, ti segnalo che arrivato al floppy mi ha dato un errore.
Grazie mille per l'aiuto:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-02-10 12:39:22
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose <-- ROOTKIT !!!
SSDT a347bus.sys ZwCreateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwCreatePagingFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwSetSystemPowerState <-- ROOTKIT !!!
SSDT sptd.sys ZwSetValueKey <-- ROOTKIT !!!

INT 0x00 \WINDOWS\system32\ntoskrnl.exe 804DFBFF
INT 0x01 \WINDOWS\system32\ntoskrnl.exe 804DFD7C
INT 0x03 \WINDOWS\system32\ntoskrnl.exe 804E015B
INT 0x04 \WINDOWS\system32\ntoskrnl.exe 804E02E0
INT 0x05 \WINDOWS\system32\ntoskrnl.exe 804E0441
INT 0x06 \WINDOWS\system32\ntoskrnl.exe 804E05BF
INT 0x07 \WINDOWS\system32\ntoskrnl.exe 804E0C33
INT 0x09 \WINDOWS\system32\ntoskrnl.exe 804E1060
INT 0x0A \WINDOWS\system32\ntoskrnl.exe 804E1185
INT 0x0B \WINDOWS\system32\ntoskrnl.exe 804E12CA
INT 0x0C \WINDOWS\system32\ntoskrnl.exe 804E1530
INT 0x0D \WINDOWS\system32\ntoskrnl.exe 804E1827
INT 0x0E \WINDOWS\system32\ntoskrnl.exe 804E1F25
INT 0x0F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x10 \WINDOWS\system32\ntoskrnl.exe 804E237F
INT 0x11 \WINDOWS\system32\ntoskrnl.exe 804E24BD
INT 0x12 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x13 \WINDOWS\system32\ntoskrnl.exe 804E262B
INT 0x14 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x15 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x16 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x17 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x18 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x19 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1A \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1B \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1C \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1D \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1E \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1F \WINDOWS\system32\hal.dll 806EEFD0
INT 0x2A \WINDOWS\system32\ntoskrnl.exe 804DF417
INT 0x2B \WINDOWS\system32\ntoskrnl.exe 804DF522
INT 0x2C \WINDOWS\system32\ntoskrnl.exe 804DF6C7
INT 0x2D \WINDOWS\system32\ntoskrnl.exe 804E0032
INT 0x2E \WINDOWS\system32\ntoskrnl.exe 804DEEA6
INT 0x2F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x30 \WINDOWS\system32\ntoskrnl.exe 804DE560
INT 0x31 \WINDOWS\system32\ntoskrnl.exe 804DE56A
INT 0x32 \WINDOWS\system32\ntoskrnl.exe 804DE574
INT 0x33 \WINDOWS\system32\ntoskrnl.exe 804DE57E
INT 0x34 \WINDOWS\system32\ntoskrnl.exe 804DE588
INT 0x35 \WINDOWS\system32\ntoskrnl.exe 804DE592
INT 0x36 \WINDOWS\system32\ntoskrnl.exe 804DE59C
INT 0x37 \WINDOWS\system32\hal.dll 806EE728
INT 0x38 \WINDOWS\system32\ntoskrnl.exe 804DE5B0
INT 0x39 \WINDOWS\system32\ntoskrnl.exe 804DE5BA
INT 0x3A \WINDOWS\system32\ntoskrnl.exe 804DE5C4
INT 0x3B \WINDOWS\system32\ntoskrnl.exe 804DE5CE
INT 0x3C \WINDOWS\system32\ntoskrnl.exe 804DE5D8
INT 0x3D \WINDOWS\system32\hal.dll 806EFB70
INT 0x3E \WINDOWS\system32\ntoskrnl.exe 804DE5EC
INT 0x3F \WINDOWS\system32\ntoskrnl.exe 804DE5F6
INT 0x40 \WINDOWS\system32\ntoskrnl.exe 804DE600
INT 0x41 \WINDOWS\system32\hal.dll 806EF9CC
INT 0x42 \WINDOWS\system32\ntoskrnl.exe 804DE614
INT 0x43 \WINDOWS\system32\ntoskrnl.exe 804DE61E
INT 0x44 \WINDOWS\system32\ntoskrnl.exe 804DE628
INT 0x45 \WINDOWS\system32\ntoskrnl.exe 804DE632
INT 0x46 \WINDOWS\system32\ntoskrnl.exe 804DE63C
INT 0x47 \WINDOWS\system32\ntoskrnl.exe 804DE646
INT 0x48 \WINDOWS\system32\ntoskrnl.exe 804DE650
INT 0x49 \WINDOWS\system32\ntoskrnl.exe 804DE65A
INT 0x4A \WINDOWS\system32\ntoskrnl.exe 804DE664
INT 0x4B \WINDOWS\system32\ntoskrnl.exe 804DE66E
INT 0x4C \WINDOWS\system32\ntoskrnl.exe 804DE678
INT 0x4D \WINDOWS\system32\ntoskrnl.exe 804DE682
INT 0x4E \WINDOWS\system32\ntoskrnl.exe 804DE68C
INT 0x4F \WINDOWS\system32\ntoskrnl.exe 804DE696
INT 0x50 \WINDOWS\system32\hal.dll 806EE800
INT 0x51 \WINDOWS\system32\ntoskrnl.exe 804DE6AA
INT 0x52 \WINDOWS\system32\ntoskrnl.exe 804DE6B4
INT 0x53 \WINDOWS\system32\ntoskrnl.exe 804DE6BE
INT 0x54 \WINDOWS\system32\ntoskrnl.exe 804DE6C8
INT 0x55 \WINDOWS\system32\ntoskrnl.exe 804DE6D2
INT 0x56 \WINDOWS\system32\ntoskrnl.exe 804DE6DC
INT 0x57 \WINDOWS\system32\ntoskrnl.exe 804DE6E6
INT 0x58 \WINDOWS\system32\ntoskrnl.exe 804DE6F0
INT 0x59 \WINDOWS\system32\ntoskrnl.exe 804DE6FA
INT 0x5A \WINDOWS\system32\ntoskrnl.exe 804DE704
INT 0x5B \WINDOWS\system32\ntoskrnl.exe 804DE70E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe 804DE718
INT 0x5D \WINDOWS\system32\ntoskrnl.exe 804DE722
INT 0x5E \WINDOWS\system32\ntoskrnl.exe 804DE72C
INT 0x5F \WINDOWS\system32\ntoskrnl.exe 804DE736
INT 0x60 \WINDOWS\system32\ntoskrnl.exe 804DE740
INT 0x61 \WINDOWS\system32\ntoskrnl.exe 804DE74A
INT 0x64 \WINDOWS\system32\ntoskrnl.exe 804DE768
INT 0x65 \WINDOWS\system32\ntoskrnl.exe 804DE772
INT 0x66 \WINDOWS\system32\ntoskrnl.exe 804DE77C
INT 0x67 \WINDOWS\system32\ntoskrnl.exe 804DE786
INT 0x68 \WINDOWS\system32\ntoskrnl.exe 804DE790
INT 0x69 \WINDOWS\system32\ntoskrnl.exe 804DE79A
INT 0x6A \WINDOWS\system32\ntoskrnl.exe 804DE7A4
INT 0x6B \WINDOWS\system32\ntoskrnl.exe 804DE7AE
INT 0x6C \WINDOWS\system32\ntoskrnl.exe 804DE7B8
INT 0x6D \WINDOWS\system32\ntoskrnl.exe 804DE7C2
INT 0x6E \WINDOWS\system32\ntoskrnl.exe 804DE7CC
INT 0x6F \WINDOWS\system32\ntoskrnl.exe 804DE7D6
INT 0x70 \WINDOWS\system32\ntoskrnl.exe 804DE7E0
INT 0x72 \WINDOWS\system32\ntoskrnl.exe 804DE7F4
INT 0x74 \WINDOWS\system32\ntoskrnl.exe 804DE808
INT 0x75 \WINDOWS\system32\ntoskrnl.exe 804DE812
INT 0x76 \WINDOWS\system32\ntoskrnl.exe 804DE81C
INT 0x77 \WINDOWS\system32\ntoskrnl.exe 804DE826
INT 0x78 \WINDOWS\system32\ntoskrnl.exe 804DE830
INT 0x79 \WINDOWS\system32\ntoskrnl.exe 804DE83A
INT 0x7A \WINDOWS\system32\ntoskrnl.exe 804DE844
INT 0x7B \WINDOWS\system32\ntoskrnl.exe 804DE84E
INT 0x7C \WINDOWS\system32\ntoskrnl.exe 804DE858
INT 0x7D \WINDOWS\system32\ntoskrnl.exe 804DE862
INT 0x7E \WINDOWS\system32\ntoskrnl.exe 804DE86C
INT 0x7F \WINDOWS\system32\ntoskrnl.exe 804DE876
INT 0x80 \WINDOWS\system32\ntoskrnl.exe 804DE880
INT 0x81 \WINDOWS\system32\ntoskrnl.exe 804DE88A
INT 0x85 \WINDOWS\system32\ntoskrnl.exe 804DE8B2
INT 0x86 \WINDOWS\system32\ntoskrnl.exe 804DE8BC
INT 0x87 \WINDOWS\system32\ntoskrnl.exe 804DE8C6
INT 0x88 \WINDOWS\system32\ntoskrnl.exe 804DE8D0
INT 0x89 \WINDOWS\system32\ntoskrnl.exe 804DE8DA
INT 0x8A \WINDOWS\system32\ntoskrnl.exe 804DE8E4
INT 0x8B \WINDOWS\system32\ntoskrnl.exe 804DE8EE
INT 0x8C \WINDOWS\system32\ntoskrnl.exe 804DE8F8
INT 0x8D \WINDOWS\system32\ntoskrnl.exe 804DE902
INT 0x8E \WINDOWS\system32\ntoskrnl.exe 804DE90C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe 804DE916
INT 0x90 \WINDOWS\system32\ntoskrnl.exe 804DE920
INT 0x91 \WINDOWS\system32\ntoskrnl.exe 804DE92A
INT 0x95 \WINDOWS\system32\ntoskrnl.exe 804DE952
INT 0x96 \WINDOWS\system32\ntoskrnl.exe 804DE95C
INT 0x97 \WINDOWS\system32\ntoskrnl.exe 804DE966
INT 0x98 \WINDOWS\system32\ntoskrnl.exe 804DE970
INT 0x99 \WINDOWS\system32\ntoskrnl.exe 804DE97A
INT 0x9A \WINDOWS\system32\ntoskrnl.exe 804DE984
INT 0x9B \WINDOWS\system32\ntoskrnl.exe 804DE98E
INT 0x9C \WINDOWS\system32\ntoskrnl.exe 804DE998
INT 0x9D \WINDOWS\system32\ntoskrnl.exe 804DE9A2
INT 0x9E \WINDOWS\system32\ntoskrnl.exe 804DE9AC
INT 0x9F \WINDOWS\system32\ntoskrnl.exe 804DE9B6
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe 804DE9C0
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe 804DE9CA
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe 804DE9D4
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe 804DE9F2
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe 804DE9FC
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe 804DEA06
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe 804DEA10
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe 804DEA1A
INT 0xAA \WINDOWS\system32\ntoskrnl.exe 804DEA24
INT 0xAB \WINDOWS\system32\ntoskrnl.exe 804DEA2E
INT 0xAC \WINDOWS\system32\ntoskrnl.exe 804DEA38
INT 0xAD \WINDOWS\system32\ntoskrnl.exe 804DEA42
INT 0xAE \WINDOWS\system32\ntoskrnl.exe 804DEA4C
INT 0xAF \WINDOWS\system32\ntoskrnl.exe 804DEA56
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe 804DEA60
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe 804DEA7E
INT 0xB4 \WINDOWS\system32\ntoskrnl.exe 804DEA88
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe 804DEA92
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe 804DEA9C
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe 804DEAA6
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe 804DEAB0
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe 804DEABA
INT 0xBA \WINDOWS\system32\ntoskrnl.exe 804DEAC4
INT 0xBB \WINDOWS\system32\ntoskrnl.exe 804DEACE
INT 0xBC \WINDOWS\system32\ntoskrnl.exe 804DEAD8
INT 0xBD \WINDOWS\system32\ntoskrnl.exe 804DEAE2
INT 0xBE \WINDOWS\system32\ntoskrnl.exe 804DEAEC
INT 0xBF \WINDOWS\system32\ntoskrnl.exe 804DEAF6
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe 804DEB00
INT 0xC1 \WINDOWS\system32\hal.dll 806EE984
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe 804DEB14
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe 804DEB1E
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe 804DEB28
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe 804DEB32
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe 804DEB3C
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe 804DEB46
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe 804DEB50
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe 804DEB5A
INT 0xCA \WINDOWS\system32\ntoskrnl.exe 804DEB64
INT 0xCB \WINDOWS\system32\ntoskrnl.exe 804DEB6E
INT 0xCC \WINDOWS\system32\ntoskrnl.exe 804DEB78
INT 0xCD \WINDOWS\system32\ntoskrnl.exe 804DEB82
INT 0xCE \WINDOWS\system32\ntoskrnl.exe 804DEB8C
INT 0xCF \WINDOWS\system32\ntoskrnl.exe 804DEB96
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe 804DEBA0
INT 0xD1 \WINDOWS\system32\hal.dll 806EDD34
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe 804DEBB4
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe 804DEBBE
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe 804DEBC8
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe 804DEBD2
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe 804DEBDC
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe 804DEBE6
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe 804DEBF0
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe 804DEBFA
INT 0xDA \WINDOWS\system32\ntoskrnl.exe 804DEC04
INT 0xDB \WINDOWS\system32\ntoskrnl.exe 804DEC0E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe 804DEC18
INT 0xDD \WINDOWS\system32\ntoskrnl.exe 804DEC22
INT 0xDE \WINDOWS\system32\ntoskrnl.exe 804DEC2C
INT 0xDF \WINDOWS\system32\ntoskrnl.exe 804DEC36
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe 804DEC40
INT 0xE1 \WINDOWS\system32\hal.dll 806EEF0C
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe 804DEC54
INT 0xE3 \WINDOWS\system32\hal.dll 806EEC70
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe 804DEC68
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe 804DEC72
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe 804DEC7C
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe 804DEC86
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe 804DEC90
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe 804DEC9A
INT 0xEA \WINDOWS\system32\ntoskrnl.exe 804DECA4
INT 0xEB \WINDOWS\system32\ntoskrnl.exe 804DECAE
INT 0xEC \WINDOWS\system32\ntoskrnl.exe 804DECB8
INT 0xED \WINDOWS\system32\ntoskrnl.exe 804DECC2
INT 0xEE \WINDOWS\system32\ntoskrnl.exe 804DECC9
INT 0xEF \WINDOWS\system32\ntoskrnl.exe 804DECD0
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe 804DECD7
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe 804DECDE
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe 804DECE5
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe 804DECEC
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe 804DECF3
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe 804DECFA
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe 804DED01
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe 804DED08
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe 804DED0F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe 804DED16
INT 0xFA \WINDOWS\system32\ntoskrnl.exe 804DED1D
INT 0xFB \WINDOWS\system32\ntoskrnl.exe 804DED24
INT 0xFC \WINDOWS\system32\ntoskrnl.exe 804DED2B
INT 0xFD \WINDOWS\system32\hal.dll 806EF464
INT 0xFE \WINDOWS\system32\hal.dll 806EF604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe 804DED40

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DEF6F

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSEIRP_MJ_READ 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP_POWER 8338D940
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSEIRP_MJ_READ 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 83092598
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_INTERNAL_DEVICE_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_MAILSLOT 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP_POWER 831670E8
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLOSEIRP_MJ_READ [F8529A76] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F8526159] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F8531B88] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F8531DF2] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_VOLUME_INFORMATION [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_VOLUME_INFORMATION [F8536492] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DIRECTORY_CONTROL [F8536585] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FILE_SYSTEM_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CONTROL [F85295D2] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SHUTDOWN [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_LOCK_CONTROL [F853133D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLEANUP [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_MAILSLOT [F8529AB9] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_SECURITY [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_SECURITY [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_POWER [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SYSTEM_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CHANGE [F852035A] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_QUOTA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_QUOTA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_PNP [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_PNP_POWER [F852152D] Mup.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_NAMED_PIPE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CLOSEIRP_MJ_READ [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_WRITE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_EA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_EA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_FLUSH_BUFFERS [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_VOLUME_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_VOLUME_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DIRECTORY_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_FILE_SYSTEM_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_INTERNAL_DEVICE_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SHUTDOWN [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_LOCK_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CLEANUP [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_MAILSLOT [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_SECURITY [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_SECURITY [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_POWER [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SYSTEM_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CHANGE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_QUOTA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_QUOTA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_PNP [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_PNP_POWER [F8554982] NDIS.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLOSEIRP_MJ_READ [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_WRITE [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_VOLUME_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_INTERNAL_DEVICE_CONTROL [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_MAILSLOT [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP_POWER [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CLOSEIRP_MJ_READ [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_WRITE [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_INTERNAL_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE_MAILSLOT [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_PNP_POWER [805025E4] ntoskrnl.exe
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE_NAMED_PIPE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CLOSEIRP_MJ_READ [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_WRITE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_EA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_EA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_FLUSH_BUFFERS [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_VOLUME_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_VOLUME_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DIRECTORY_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_FILE_SYSTEM_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DEVICE_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_INTERNAL_DEVICE_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SHUTDOWN [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_LOCK_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CLEANUP [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE_MAILSLOT [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_SECURITY [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_SECURITY [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_POWER [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SYSTEM_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DEVICE_CHANGE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_QUOTA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_QUOTA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_PNP [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_PNP_POWER [F8606FEF] WudfPf.sys
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE [F8D6C46A] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CLOSEIRP_MJ_READ [F8D6C4B8] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_WRITE [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D6C400] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_MAILSLOT [F8D6C354] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_DEVICE_CHANGE

da **superipper** » sab feb 10, 2007 2:18 pm

AUTOSTART:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2007-02-10 12:40:46
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Alerter /*Avvisi*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
C-DillaCdaC11BA /*C-DillaCdaC11BA*/@ = C:\WINDOWS\system32\drivers\CDAC11BA.EXE
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe" /*file not found*/
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemRoot%\System32\svchost.exe -k netsvcs
WudfSvc /*Windows Driver Foundation - User-mode Driver Framework*/@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CorelDRAW Graphics Suite 11bC:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122006 serial=DR12WES-3007622-EUW lang=IT /*file not found*/ = C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122006 serial=DR12WES-3007622-EUW lang=IT /*file not found*/
@GSICONEXEGSICON.EXE = GSICON.EXE
@TerraTec Remote ControlC:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe = C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
@AudioHQC:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE = C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
@SSBkgdUpdateC:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot /*file not found*/ = C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot /*file not found*/
@H2OC:\Programmi\SyncroSoft\Pos\H2O\cledx.exe = C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Easy-PrintToolBoxC:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon = C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@IncrediMailC:\Programmi\IncrediMail\bin\IncMail.exe /c = C:\Programmi\IncrediMail\bin\IncMail.exe /c

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/(null) =
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 DragDrop Shell Extension*/(null) =
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/(null) =
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Property Sheet Shell Extension*/(null) =
@CorelDRAW Shell Extension Component /*CorelDRAW Shell Extension Component*/(null) =
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Documents and Settings\Ema The Voice\Desktop\Unlocker\UnlockerCOM.dll = C:\Documents and Settings\Ema The Voice\Desktop\Unlocker\UnlockerCOM.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
DAP_Menu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Documents and Settings\Ema The Voice\Desktop\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll = C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://freeforumzone.leonardo.it/vi ... px?f=12780 = http://freeforumzone.leonardo.it/viewforum.aspx?f=12780
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\Ema The Voice\Menu Avvio\Programmi\Esecuzione automatica = Screenshot Utility.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
InterVideo WinCinema Manager.lnk = InterVideo WinCinema Manager.lnk
InterVideo WinScheduler.lnk = InterVideo WinScheduler.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----

da **Amantide** » sab feb 10, 2007 3:18 pm

Niente di che [uhm]

Prova a fare la scansione con Blacklight e vedi se ti trova qualche rootkit o file nascosti e posta qui anche il suo log di scansione.
Altrimenti prova a reinstalare i programmi che non funzionano correttamente.

da **superipper** » sab feb 10, 2007 3:27 pm

sto facendo la scansione con il programma che mi hai linkato, pero' qualcosa c'e' di sicuro poichè gmer mi segnala alcuni processi in rosso e poi nella cartella temp mi si forma il famigerato .exe con le labbra come icona [:p]

che cambia nome una volta cancellato. Appena finisce lo scan ti posto il risultato di BLBLETAC.EXE

da **Amantide** » sab feb 10, 2007 3:32 pm

Ah, ecco... quindi hai il dialer dalle labbra rosse, che spesso viene accompagnato dal rootkit Rustock.
Finita la scansione postami il log e poi esegui i tools per la rimozione di Rustock indicati in questo articolo. Una volta eliminato il rootkit potrai eliminare il resto.

da **superipper** » sab feb 10, 2007 3:46 pm

02/10/07 13:43:19 [Info]: BlackLight Engine 1.0.55 initialized
02/10/07 13:43:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/10/07 13:43:19 [Note]: 7019 4
02/10/07 13:43:19 [Note]: 7005 0
02/10/07 13:43:19 [Note]: 7006 0
02/10/07 13:43:19 [Note]: 7011 1404
02/10/07 13:43:20 [Note]: 7026 0
02/10/07 13:43:20 [Note]: 7026 0
02/10/07 13:43:29 [Note]: FSRAW library version 1.7.1021
02/10/07 13:52:04 [Note]: 2000 1012
02/10/07 13:52:04 [Note]: 7007 0

da **Amantide** » sab feb 10, 2007 3:50 pm

Tutto qui? [uhm]

Mi scrivi che processi Gmer ti segnala in rosso?
Intanto prova ad usare i tools per la rimozione di Rustock.

da **superipper** » sab feb 10, 2007 4:12 pm

Ecco cosa mi dice il tools di rimozione:

************************* Rustock.b-fix -- By ejvindh *************************
10/02/2007 13.56.55,46

No Rustock.b-rootkits found

******************************* End of Logfile ********************************

il che e' molto strano :|

Guarda ti riposto il file g-mer perché sono un casino i file segnati in rosso, praticamente tutti quelli con scritto accanto ROOTKIT

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-02-10 14:11:34
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose <-- ROOTKIT !!!
SSDT a347bus.sys ZwCreateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwCreatePagingFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwSetSystemPowerState <-- ROOTKIT !!!
SSDT sptd.sys ZwSetValueKey <-- ROOTKIT !!!

INT 0x00 \WINDOWS\system32\ntoskrnl.exe 804DFBFF
INT 0x01 \WINDOWS\system32\ntoskrnl.exe 804DFD7C
INT 0x03 \WINDOWS\system32\ntoskrnl.exe 804E015B
INT 0x04 \WINDOWS\system32\ntoskrnl.exe 804E02E0
INT 0x05 \WINDOWS\system32\ntoskrnl.exe 804E0441
INT 0x06 \WINDOWS\system32\ntoskrnl.exe 804E05BF
INT 0x07 \WINDOWS\system32\ntoskrnl.exe 804E0C33
INT 0x09 \WINDOWS\system32\ntoskrnl.exe 804E1060
INT 0x0A \WINDOWS\system32\ntoskrnl.exe 804E1185
INT 0x0B \WINDOWS\system32\ntoskrnl.exe 804E12CA
INT 0x0C \WINDOWS\system32\ntoskrnl.exe 804E1530
INT 0x0D \WINDOWS\system32\ntoskrnl.exe 804E1827
INT 0x0E \WINDOWS\system32\ntoskrnl.exe 804E1F25
INT 0x0F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x10 \WINDOWS\system32\ntoskrnl.exe 804E237F
INT 0x11 \WINDOWS\system32\ntoskrnl.exe 804E24BD
INT 0x12 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x13 \WINDOWS\system32\ntoskrnl.exe 804E262B
INT 0x14 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x15 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x16 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x17 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x18 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x19 \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1A \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1B \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1C \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1D \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1E \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x1F \WINDOWS\system32\hal.dll 806EEFD0
INT 0x2A \WINDOWS\system32\ntoskrnl.exe 804DF417
INT 0x2B \WINDOWS\system32\ntoskrnl.exe 804DF522
INT 0x2C \WINDOWS\system32\ntoskrnl.exe 804DF6C7
INT 0x2D \WINDOWS\system32\ntoskrnl.exe 804E0032
INT 0x2E \WINDOWS\system32\ntoskrnl.exe 804DEEA6
INT 0x2F \WINDOWS\system32\ntoskrnl.exe 804E225A
INT 0x30 \WINDOWS\system32\ntoskrnl.exe 804DE560
INT 0x31 \WINDOWS\system32\ntoskrnl.exe 804DE56A
INT 0x32 \WINDOWS\system32\ntoskrnl.exe 804DE574
INT 0x33 \WINDOWS\system32\ntoskrnl.exe 804DE57E
INT 0x34 \WINDOWS\system32\ntoskrnl.exe 804DE588
INT 0x35 \WINDOWS\system32\ntoskrnl.exe 804DE592
INT 0x36 \WINDOWS\system32\ntoskrnl.exe 804DE59C
INT 0x37 \WINDOWS\system32\hal.dll 806EE728
INT 0x38 \WINDOWS\system32\ntoskrnl.exe 804DE5B0
INT 0x39 \WINDOWS\system32\ntoskrnl.exe 804DE5BA
INT 0x3A \WINDOWS\system32\ntoskrnl.exe 804DE5C4
INT 0x3B \WINDOWS\system32\ntoskrnl.exe 804DE5CE
INT 0x3C \WINDOWS\system32\ntoskrnl.exe 804DE5D8
INT 0x3D \WINDOWS\system32\hal.dll 806EFB70
INT 0x3E \WINDOWS\system32\ntoskrnl.exe 804DE5EC
INT 0x3F \WINDOWS\system32\ntoskrnl.exe 804DE5F6
INT 0x40 \WINDOWS\system32\ntoskrnl.exe 804DE600
INT 0x41 \WINDOWS\system32\hal.dll 806EF9CC
INT 0x42 \WINDOWS\system32\ntoskrnl.exe 804DE614
INT 0x43 \WINDOWS\system32\ntoskrnl.exe 804DE61E
INT 0x44 \WINDOWS\system32\ntoskrnl.exe 804DE628
INT 0x45 \WINDOWS\system32\ntoskrnl.exe 804DE632
INT 0x46 \WINDOWS\system32\ntoskrnl.exe 804DE63C
INT 0x47 \WINDOWS\system32\ntoskrnl.exe 804DE646
INT 0x48 \WINDOWS\system32\ntoskrnl.exe 804DE650
INT 0x49 \WINDOWS\system32\ntoskrnl.exe 804DE65A
INT 0x4A \WINDOWS\system32\ntoskrnl.exe 804DE664
INT 0x4B \WINDOWS\system32\ntoskrnl.exe 804DE66E
INT 0x4C \WINDOWS\system32\ntoskrnl.exe 804DE678
INT 0x4D \WINDOWS\system32\ntoskrnl.exe 804DE682
INT 0x4E \WINDOWS\system32\ntoskrnl.exe 804DE68C
INT 0x4F \WINDOWS\system32\ntoskrnl.exe 804DE696
INT 0x50 \WINDOWS\system32\hal.dll 806EE800
INT 0x51 \WINDOWS\system32\ntoskrnl.exe 804DE6AA
INT 0x52 \WINDOWS\system32\ntoskrnl.exe 804DE6B4
INT 0x53 \WINDOWS\system32\ntoskrnl.exe 804DE6BE
INT 0x54 \WINDOWS\system32\ntoskrnl.exe 804DE6C8
INT 0x55 \WINDOWS\system32\ntoskrnl.exe 804DE6D2
INT 0x56 \WINDOWS\system32\ntoskrnl.exe 804DE6DC
INT 0x57 \WINDOWS\system32\ntoskrnl.exe 804DE6E6
INT 0x58 \WINDOWS\system32\ntoskrnl.exe 804DE6F0
INT 0x59 \WINDOWS\system32\ntoskrnl.exe 804DE6FA
INT 0x5A \WINDOWS\system32\ntoskrnl.exe 804DE704
INT 0x5B \WINDOWS\system32\ntoskrnl.exe 804DE70E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe 804DE718
INT 0x5D \WINDOWS\system32\ntoskrnl.exe 804DE722
INT 0x5E \WINDOWS\system32\ntoskrnl.exe 804DE72C
INT 0x5F \WINDOWS\system32\ntoskrnl.exe 804DE736
INT 0x60 \WINDOWS\system32\ntoskrnl.exe 804DE740
INT 0x61 \WINDOWS\system32\ntoskrnl.exe 804DE74A
INT 0x64 \WINDOWS\system32\ntoskrnl.exe 804DE768
INT 0x65 \WINDOWS\system32\ntoskrnl.exe 804DE772
INT 0x66 \WINDOWS\system32\ntoskrnl.exe 804DE77C
INT 0x67 \WINDOWS\system32\ntoskrnl.exe 804DE786
INT 0x68 \WINDOWS\system32\ntoskrnl.exe 804DE790
INT 0x69 \WINDOWS\system32\ntoskrnl.exe 804DE79A
INT 0x6A \WINDOWS\system32\ntoskrnl.exe 804DE7A4
INT 0x6B \WINDOWS\system32\ntoskrnl.exe 804DE7AE
INT 0x6C \WINDOWS\system32\ntoskrnl.exe 804DE7B8
INT 0x6D \WINDOWS\system32\ntoskrnl.exe 804DE7C2
INT 0x6E \WINDOWS\system32\ntoskrnl.exe 804DE7CC
INT 0x6F \WINDOWS\system32\ntoskrnl.exe 804DE7D6
INT 0x70 \WINDOWS\system32\ntoskrnl.exe 804DE7E0
INT 0x72 \WINDOWS\system32\ntoskrnl.exe 804DE7F4
INT 0x74 \WINDOWS\system32\ntoskrnl.exe 804DE808
INT 0x75 \WINDOWS\system32\ntoskrnl.exe 804DE812
INT 0x76 \WINDOWS\system32\ntoskrnl.exe 804DE81C
INT 0x77 \WINDOWS\system32\ntoskrnl.exe 804DE826
INT 0x78 \WINDOWS\system32\ntoskrnl.exe 804DE830
INT 0x79 \WINDOWS\system32\ntoskrnl.exe 804DE83A
INT 0x7A \WINDOWS\system32\ntoskrnl.exe 804DE844
INT 0x7B \WINDOWS\system32\ntoskrnl.exe 804DE84E
INT 0x7C \WINDOWS\system32\ntoskrnl.exe 804DE858
INT 0x7D \WINDOWS\system32\ntoskrnl.exe 804DE862
INT 0x7E \WINDOWS\system32\ntoskrnl.exe 804DE86C
INT 0x7F \WINDOWS\system32\ntoskrnl.exe 804DE876
INT 0x80 \WINDOWS\system32\ntoskrnl.exe 804DE880
INT 0x81 \WINDOWS\system32\ntoskrnl.exe 804DE88A
INT 0x85 \WINDOWS\system32\ntoskrnl.exe 804DE8B2
INT 0x86 \WINDOWS\system32\ntoskrnl.exe 804DE8BC
INT 0x87 \WINDOWS\system32\ntoskrnl.exe 804DE8C6
INT 0x88 \WINDOWS\system32\ntoskrnl.exe 804DE8D0
INT 0x89 \WINDOWS\system32\ntoskrnl.exe 804DE8DA
INT 0x8A \WINDOWS\system32\ntoskrnl.exe 804DE8E4
INT 0x8B \WINDOWS\system32\ntoskrnl.exe 804DE8EE
INT 0x8C \WINDOWS\system32\ntoskrnl.exe 804DE8F8
INT 0x8D \WINDOWS\system32\ntoskrnl.exe 804DE902
INT 0x8E \WINDOWS\system32\ntoskrnl.exe 804DE90C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe 804DE916
INT 0x90 \WINDOWS\system32\ntoskrnl.exe 804DE920
INT 0x91 \WINDOWS\system32\ntoskrnl.exe 804DE92A
INT 0x95 \WINDOWS\system32\ntoskrnl.exe 804DE952
INT 0x96 \WINDOWS\system32\ntoskrnl.exe 804DE95C
INT 0x97 \WINDOWS\system32\ntoskrnl.exe 804DE966
INT 0x98 \WINDOWS\system32\ntoskrnl.exe 804DE970
INT 0x99 \WINDOWS\system32\ntoskrnl.exe 804DE97A
INT 0x9A \WINDOWS\system32\ntoskrnl.exe 804DE984
INT 0x9B \WINDOWS\system32\ntoskrnl.exe 804DE98E
INT 0x9C \WINDOWS\system32\ntoskrnl.exe 804DE998
INT 0x9D \WINDOWS\system32\ntoskrnl.exe 804DE9A2
INT 0x9E \WINDOWS\system32\ntoskrnl.exe 804DE9AC
INT 0x9F \WINDOWS\system32\ntoskrnl.exe 804DE9B6
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe 804DE9C0
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe 804DE9CA
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe 804DE9D4
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe 804DE9F2
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe 804DE9FC
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe 804DEA06
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe 804DEA10
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe 804DEA1A
INT 0xAA \WINDOWS\system32\ntoskrnl.exe 804DEA24
INT 0xAB \WINDOWS\system32\ntoskrnl.exe 804DEA2E
INT 0xAC \WINDOWS\system32\ntoskrnl.exe 804DEA38
INT 0xAD \WINDOWS\system32\ntoskrnl.exe 804DEA42
INT 0xAE \WINDOWS\system32\ntoskrnl.exe 804DEA4C
INT 0xAF \WINDOWS\system32\ntoskrnl.exe 804DEA56
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe 804DEA60
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe 804DEA7E
INT 0xB4 \WINDOWS\system32\ntoskrnl.exe 804DEA88
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe 804DEA92
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe 804DEA9C
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe 804DEAA6
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe 804DEAB0
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe 804DEABA
INT 0xBA \WINDOWS\system32\ntoskrnl.exe 804DEAC4
INT 0xBB \WINDOWS\system32\ntoskrnl.exe 804DEACE
INT 0xBC \WINDOWS\system32\ntoskrnl.exe 804DEAD8
INT 0xBD \WINDOWS\system32\ntoskrnl.exe 804DEAE2
INT 0xBE \WINDOWS\system32\ntoskrnl.exe 804DEAEC
INT 0xBF \WINDOWS\system32\ntoskrnl.exe 804DEAF6
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe 804DEB00
INT 0xC1 \WINDOWS\system32\hal.dll 806EE984
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe 804DEB14
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe 804DEB1E
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe 804DEB28
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe 804DEB32
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe 804DEB3C
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe 804DEB46
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe 804DEB50
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe 804DEB5A
INT 0xCA \WINDOWS\system32\ntoskrnl.exe 804DEB64
INT 0xCB \WINDOWS\system32\ntoskrnl.exe 804DEB6E
INT 0xCC \WINDOWS\system32\ntoskrnl.exe 804DEB78
INT 0xCD \WINDOWS\system32\ntoskrnl.exe 804DEB82
INT 0xCE \WINDOWS\system32\ntoskrnl.exe 804DEB8C
INT 0xCF \WINDOWS\system32\ntoskrnl.exe 804DEB96
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe 804DEBA0
INT 0xD1 \WINDOWS\system32\hal.dll 806EDD34
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe 804DEBB4
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe 804DEBBE
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe 804DEBC8
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe 804DEBD2
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe 804DEBDC
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe 804DEBE6
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe 804DEBF0
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe 804DEBFA
INT 0xDA \WINDOWS\system32\ntoskrnl.exe 804DEC04
INT 0xDB \WINDOWS\system32\ntoskrnl.exe 804DEC0E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe 804DEC18
INT 0xDD \WINDOWS\system32\ntoskrnl.exe 804DEC22
INT 0xDE \WINDOWS\system32\ntoskrnl.exe 804DEC2C
INT 0xDF \WINDOWS\system32\ntoskrnl.exe 804DEC36
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe 804DEC40
INT 0xE1 \WINDOWS\system32\hal.dll 806EEF0C
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe 804DEC54
INT 0xE3 \WINDOWS\system32\hal.dll 806EEC70
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe 804DEC68
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe 804DEC72
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe 804DEC7C
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe 804DEC86
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe 804DEC90
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe 804DEC9A
INT 0xEA \WINDOWS\system32\ntoskrnl.exe 804DECA4
INT 0xEB \WINDOWS\system32\ntoskrnl.exe 804DECAE
INT 0xEC \WINDOWS\system32\ntoskrnl.exe 804DECB8
INT 0xED \WINDOWS\system32\ntoskrnl.exe 804DECC2
INT 0xEE \WINDOWS\system32\ntoskrnl.exe 804DECC9
INT 0xEF \WINDOWS\system32\ntoskrnl.exe 804DECD0
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe 804DECD7
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe 804DECDE
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe 804DECE5
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe 804DECEC
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe 804DECF3
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe 804DECFA
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe 804DED01
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe 804DED08
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe 804DED0F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe 804DED16
INT 0xFA \WINDOWS\system32\ntoskrnl.exe 804DED1D
INT 0xFB \WINDOWS\system32\ntoskrnl.exe 804DED24
INT 0xFC \WINDOWS\system32\ntoskrnl.exe 804DED2B
INT 0xFD \WINDOWS\system32\hal.dll 806EF464
INT 0xFE \WINDOWS\system32\hal.dll 806EF604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe 804DED40

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DEF6F

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSEIRP_MJ_READ 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8338D940
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP_POWER 8338D940
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSEIRP_MJ_READ 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 83092598
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_INTERNAL_DEVICE_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_MAILSLOT 831670E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP_POWER 831670E8
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLOSEIRP_MJ_READ [F8529A76] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F8526159] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F8531B88] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F8531DF2] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_VOLUME_INFORMATION [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_VOLUME_INFORMATION [F8536492] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DIRECTORY_CONTROL [F8536585] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_FILE_SYSTEM_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CONTROL [F85295D2] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SHUTDOWN [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_LOCK_CONTROL [F853133D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLEANUP [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_MAILSLOT [F8529AB9] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_SECURITY [F8524A80] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_SECURITY [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_POWER [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SYSTEM_CONTROL [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CHANGE [F852035A] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_QUOTA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_QUOTA [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_PNP [F852152D] Mup.sys
Device \FileSystem\Mup \Dfs IRP_MJ_PNP_POWER [F852152D] Mup.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_NAMED_PIPE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CLOSEIRP_MJ_READ [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_WRITE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_EA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_EA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_FLUSH_BUFFERS [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_VOLUME_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_VOLUME_INFORMATION [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DIRECTORY_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_FILE_SYSTEM_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_INTERNAL_DEVICE_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SHUTDOWN [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_LOCK_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CLEANUP [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_MAILSLOT [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_SECURITY [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_SECURITY [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_POWER [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SYSTEM_CONTROL [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CHANGE [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_QUOTA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_QUOTA [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_PNP [F8554982] NDIS.sys
Device \Driver\NDIS \Device\Ndis IRP_MJ_PNP_POWER [F8554982] NDIS.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLOSEIRP_MJ_READ [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_WRITE [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_VOLUME_INFORMATION [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_INTERNAL_DEVICE_CONTROL [F8621D62] KSecDD.sys
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_MAILSLOT [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP_POWER [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CLOSEIRP_MJ_READ [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_WRITE [ECCD34A0] HSF_FSKS.sys
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_INTERNAL_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_CREATE_MAILSLOT [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_POWER [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_DEVICE_CHANGE [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_QUERY_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_SET_QUOTA [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_PNP [805025E4] ntoskrnl.exe
Device \Driver\Fsks \Device\FSKS0 IRP_MJ_PNP_POWER [805025E4] ntoskrnl.exe
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE_NAMED_PIPE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CLOSEIRP_MJ_READ [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_WRITE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_EA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_EA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_FLUSH_BUFFERS [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_VOLUME_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_VOLUME_INFORMATION [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DIRECTORY_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_FILE_SYSTEM_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DEVICE_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_INTERNAL_DEVICE_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SHUTDOWN [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_LOCK_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CLEANUP [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_CREATE_MAILSLOT [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_SECURITY [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_SECURITY [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_POWER [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SYSTEM_CONTROL [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_DEVICE_CHANGE [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_QUERY_QUOTA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_SET_QUOTA [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_PNP [F8606FEF] WudfPf.sys
Device \Driver\WudfPf \Device\WUDFLpcDevice IRP_MJ_PNP_POWER [F8606FEF] WudfPf.sys
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE [F8D6C46A] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_NAMED_PIPE [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CLOSEIRP_MJ_READ [F8D6C4B8] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_WRITE [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_EA [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_EA [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_FLUSH_BUFFERS [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_VOLUME_INFORMATION [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_DIRECTORY_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_FILE_SYSTEM_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_DEVICE_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D6C400] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_SHUTDOWN [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_LOCK_CONTROL [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CLEANUP [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_MAILSLOT [F8D6C354] Beep.SYS
Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_SET_SECURITY [805025E4] ntoskrnl.exe
Device \Driver\Beep \Device\Beep IRP_MJ_POWER

da **Amantide** » sab feb 10, 2007 4:31 pm

Quel file in rosso sono i cosidetti rootkit buoni [boh]

Proviamo con un altro tool più comleto.
Fai la scansione con Systemscan ed allega qui in forma di un allegato il file report.txt che si trova in c:/suspectfile

da **superipper** » sab feb 10, 2007 5:19 pm

eccoti il file, in piu' ho notato che al riavvio del pc parte tra i processi automatici iexplorer.exe pur non aprendo ancora il browser. [uhm]

da **superipper** » sab feb 10, 2007 5:21 pm

eccoti un link esterno del file perché con il vostro servizio non riesco a caricarlo:

http://img1.freeforumzone.it/upload1/122293_report.txt

da **Amantide** » sab feb 10, 2007 6:53 pm

superipper ha scritto:eccoti un link esterno del file perché con il vostro servizio non riesco a caricarlo:

http://img1.freeforumzone.it/upload1/122293_report.txt

Ottimo!

Ora iniziamo con le brutte notizie [fischio]

Forse ti sei beccato il virus Sasser, C:\WINDOWS\system32\lsasss.exe anche se stranamente oltre a questo lsasss con 3 esse non si vede nient' altro, potrebbe anche essere un errore di Systemscan. [boh]

Prova a rimuoverlo con questo tool, FxSasser

Per quanto riguarda il dialer... Abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti), scarica Unlocker o KillBox, trova ed elimina questi file in rosso insieme all'intera cartella RarSFX0
C:\DOCUME~1\EMATHE~1\IMPOST~1\Temp\RarSFX0\runme.exe
C:\DOCUME~1\EMATHE~1\IMPOST~1\Temp\RarSFX0\LISTDLLS.exe

Con aiuto di CCleaner svuota le cartelle con i file temporanei, deve sparire questo file:
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR9.tmp

da **superipper** » sab feb 10, 2007 7:46 pm

Allora il tool di norton non ha trovato nulla:

C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\prociuttino@hotmail.it\SharingMetadata\prociuttina@hotmail.it\DFSR\Staging\CS{CBA278B3-0728-C75C-A52E-83D6D8E53A3A}\01\10-{CBA278B3-0728-C75C-A52E-83D6D8E53A3A}-v1-{C1BE113A-BE76-4BE8-8670-C31180083A26}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\prociuttino@hotmail.it\SharingMetadata\prociuttina@hotmail.it\DFSR\Staging\CS{CBA278B3-0728-C75C-A52E-83D6D8E53A3A}\11\12-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v11-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v12-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\prociuttino@hotmail.it\SharingMetadata\prociuttina@hotmail.it\DFSR\Staging\CS{CBA278B3-0728-C75C-A52E-83D6D8E53A3A}\17\19-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v17-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v19-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\prociuttino@hotmail.it\SharingMetadata\prociuttina@hotmail.it\DFSR\Staging\CS{CBA278B3-0728-C75C-A52E-83D6D8E53A3A}\17\21-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v17-{6610B62A-5DE5-4688-8B7C-F038C7088D66}-v21-Partial.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
W32.Sasser.Worm has not been found on your computer.

mentre il file PXR9.tmp non me lo fa eliminare, mi dice che è in uso ho provato ad eliminarlo con unlocker ma al riavvio è sempre presente il file, non si puo' eliminare tramite avenger o qualcosa di simile?

iexplorer.exe spunta sempre al riavvio e tenta di collegarsi subito ad internet [boh]

da **Amantide** » sab feb 10, 2007 7:53 pm

Prova allora ad eseguire con Avenger questo script:

Files to delete:
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\RarSFX0\runme.exe
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\RarSFX0\LISTDLLS.exe
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\PXR9.tmp

folders to delete:
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\RarSFX0

Sotto al Files to delete inserisci anche il percorso del file che ha icona delle labbra rosse.

da **superipper** » sab feb 10, 2007 8:22 pm

allora i file dopo il riavvio sono scomparsi quindi questo problema credo che lo abbiamo risolto [^]

adesso rimane questo maledetto iexplorer.exe che mi parte all'avvio [uhm]

grazie ancora per tutto l'aiuto che mi stai dando

da **Amantide** » sab feb 10, 2007 8:36 pm

superipper ha scritto: adesso rimane questo maledetto iexplorer.exe che mi parte all'avvio grazie ancora per tutto l'aiuto che mi stai dando

Ti consiglio di disinstallare DAP, contiene un adware.
C:\PROGRA~1\DAP\DAPIE.DLL

Dopo fai la scansione dalla modalità provvisoria con A-squared e Superantispyware.

da **superipper** » dom feb 11, 2007 8:40 am

kapersky mi ha trovato un virus [cry+]

:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 11, 2007 3:56:07 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/02/2007
Kaspersky Anti-Virus database records: 251828
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 92554
Number of viruses found: 2
Number of infected objects: 45 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:49:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Cronologia\History.IE5\MSHist012007021020070211\index.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temp\L113.exe Object is locked skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6FG3ILOT\drf1171140862[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6FG3ILOT\drf1171140862[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6FG3ILOT\drf1171140862[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\6FG3ILOT\drf1171140862[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\Ema The Voice\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ema The Voice\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ema The Voice\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166475589[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166791798[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\L3SAJAII\drf1166857559[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166599670[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166705893[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OXYZ412Z\drf1166776918[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166468149[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm/EXE-file Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z1R60L6Z\drf1166784358[1].htm PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\eMule\Temp\002.part Object is locked skipped
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Grisoft\AVG7\avgcc.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\QuickTime\qttask.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Syncrosoft\POS\H2O\cledx.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5949.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\lsapzxss.exe Object is locked skipped
C:\WINDOWS\system32\lsasss.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\managxce.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\atv.job Object is locked skipped
C:\WINDOWS\Tasks\bqeaj.job Object is locked skipped
C:\WINDOWS\Tasks\dtpzjlur.job Object is locked skipped
C:\WINDOWS\Tasks\gucr.job Object is locked skipped
C:\WINDOWS\Tasks\kkc.job Object is locked skipped
C:\WINDOWS\Tasks\lletazl.job Object is locked skipped
C:\WINDOWS\Tasks\lvx.job Object is locked skipped
C:\WINDOWS\Tasks\pnlk.job Object is locked skipped
C:\WINDOWS\Tasks\qgdmd.job Object is locked skipped
C:\WINDOWS\Tasks\tpkbkbbh.job Object is locked skipped
C:\WINDOWS\Tasks\uise.job Object is locked skipped
C:\WINDOWS\Tasks\ynmlx.job Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
----------------------------------------

che fare??

da **crazy.cat** » dom feb 11, 2007 10:21 am

Per tutti i file nelle cartelle temp e dei temporanei di internet prendi ccleaner e fagli cancellare tutto

Qui ci sono alcuni file infetti che puoi risolvere disinstallando i programmi collegati a loro e poi reinstallandoli.
E' infettato anche l'antivirus, pensa se sia il caso di passare ad un altro antivirus come antivir pe.

C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Grisoft\AVG7\avgcc.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\QuickTime\qttask.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Syncrosoft\POS\H2O\cledx.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

Questi tre file sono fasulli e quindi li puoi eliminare con unlocker o dalla modalità provvisoria senz aproblemi.
C:\WINDOWS\system32\lsapzxss.exe Object is locked skipped
C:\WINDOWS\system32\lsasss.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\managxce.exe Object is locked skipped

Hai creato tu questi task, o operazioni pianificate?
C:\WINDOWS\Tasks\atv.job Object is locked skipped
C:\WINDOWS\Tasks\bqeaj.job Object is locked skipped
C:\WINDOWS\Tasks\dtpzjlur.job Object is locked skipped
C:\WINDOWS\Tasks\gucr.job Object is locked skipped
C:\WINDOWS\Tasks\kkc.job Object is locked skipped
C:\WINDOWS\Tasks\lletazl.job Object is locked skipped
C:\WINDOWS\Tasks\lvx.job Object is locked skipped
C:\WINDOWS\Tasks\pnlk.job Object is locked skipped
C:\WINDOWS\Tasks\qgdmd.job Object is locked skipped
C:\WINDOWS\Tasks\tpkbkbbh.job Object is locked skipped
C:\WINDOWS\Tasks\uise.job Object is locked skipped
C:\WINDOWS\Tasks\ynmlx.job Object is locked skipped

www.MegaLab.it

Virus, Dialer e chissà cos'altro

Virus, Dialer e chissà cos'altro

Chi c’è in linea