ConnectionServices....?!?!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by wwwmagnottait » 27/08/06 23:29

Hola!
As if Link Optimizer weren't enough (I ran into it recently, and I think I solved it: I wrote about it in the related topic)

Now in Internet Explorer, on random sites and on certain words (which shouldn't have links), a suspicious link appears....
On the word "Fiesta", for example, if I hover over it with the mouse, I read goto:fiesta
And if I click on it, the link it takes me to is:
http://wlow.net/wlink.php?qq=fiesta&index=2

Then with Google, whatever search I run, a popup appears that says "Looking for (the search key)? Architecturals.net antique restoration center: CLICK HERE TO ENTER"

Then... in WinXP's "Add or Remove Programs" list a suspicious entry appears: ConnectionServices
Obviously, after the Link Optimizer experience, I did not uninstall it, and I'm waiting for suggestions from you experts on how to get rid of this latest pain in the neck :(

I ran scans with Adaware, Spybot and Kaspersky (all clean), while Ewido finds several things, tells me it has deleted them, but on the next scan it finds them again :(
This, instead, is the latest HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 0.28.17, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Internet Explorer\iexplore.exe
I:\Utility\Compressi2\Antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.194.98.174:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = jweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\UTILITY\ICQ2003\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6534158937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/pctester/files/ ... reQual.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope I've given you all the info you need to help me....
Thanks in advance ;)
wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by BilloKenobi » 28/08/06 00:09

OK, you have several little things going on

first of all, fix these with HJT

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

also, I wanted to ask whether you use a proxy


also, you are infected with LinkOptimizer. To fix it, download gmer (http://www.gmer.net/files.php ) and post the logs from the "autostart" and "rootkit" sections

then also download

Ccleaner (http://download.ccleaner.com/ccsetup132.exe)
MyUninstaller (http://www.puntocr.it/index/downloads_r ... d/214.html )
The Avenger (http://swandog46.geekstogo.com/avenger.zip)
Begun the Clone War has

Yes, yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05
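
The points raised in the reply above (the two entries to fix and the proxy question) can be checked against a HijackThis log mechanically. The following is an added example, not part of the original thread or of HijackThis itself: the rule names, the `SYSTEM32_ONLY` list and the functions `review_entry` and `triage` are assumptions of this example, and the sample lines are copied from the log posted in the first message.

```python
import ntpath
import re

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.194.98.174:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {832AED3B-C509-1533-97BB-840EAB6BEDC8} - C:\WINDOWS\wjhme1.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption of this example: core Windows processes that normally
# run from the System32 directory and nowhere else.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

# "<section code> - <rest of the entry>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# First drive-letter path in the entry, up to the first .exe/.dll
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)


def review_entry(code, body):
    """Return the list of review reasons for one HijackThis entry."""
    reasons = []
    # A proxy is set for Internet Explorer; the user should confirm it is theirs.
    if code == "R1" and ",ProxyServer = " in body:
        reasons.append("proxy-configured")
    # HijackThis itself reports that the referenced file does not exist.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("target-missing")
    # Service whose executable carries no vendor information.
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown-owner-service")
    # A system process name used from a directory other than System32.
    match = PATH_RE.search(body)
    if match:
        directory, name = ntpath.split(match.group(0))
        if (name.lower() in SYSTEM32_ONLY
                and not directory.lower().endswith(r"\system32")):
            reasons.append("system-name-outside-system32")
    return reasons


def triage(log_text):
    """Return (code, entry, reasons) for every entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        reasons = review_entry(code, body)
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<62}{body}")
```

A flagged entry is a prompt for review, not a verdict: the rules only restate what the log itself reports about each line.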

Post by wwwmagnottait » 28/08/06 00:20

OK then....
1) I removed the O3 toolbar with HijackThis.... but O23 Service: Power Manager, I fix it but it reappears at every scan :(
2) I can't use Gmer.... my PC freezes
3) I don't use proxies
4) With MyUninstaller, do I remove the ConnectionServices entry?!
5) Any other moves?

Thanks ;)
wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by Luke57 » 28/08/06 08:59

Hi, I'm not sure LinkOptimizer is absent from your computer:
Download Gmer from here:
http://www.suspectfile.com/upload/files/tools/gmer.zip
then post the logs of the two scans (rootkit and autostart)
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by wwwmagnottait » 28/08/06 11:54

Hi Luke
As I already said, both in the linkoptimizer topic and in this one, I can't use Gmer because as soon as I launch it my PC freezes and reboots itself!
Is there some other similar program that performs the same operations as Gmer, or a different way to start it?
Thx!
wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by BilloKenobi » 28/08/06 12:55

OK,

first let's deal with LinkOptimizer, then with the HJT entries

try using RootkitRevealer

http://www.sysinternals.com/Utilities/R ... ealer.html
Begun the Clone War has

Yes, yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

Post by Luke57 » 28/08/06 14:30

Hi, try using this version of GMer:
http://www.suspectfile.com/upload/files/tools/gmer.zip
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by wwwmagnottait » 28/08/06 15:21

Luke57 wrote: Hi, try using this version of GMer:
http://www.suspectfile.com/upload/files/tools/gmer.zip


Hi Luke
No, this one doesn't work either... as soon as I launch it my PC reboots.... however, I noticed that Gmer works for me in Safe Mode (PS: I have Win XP Pro SP2)... is a Gmer scan in Safe Mode equivalent? And if so, what settings should I use for the scan?
Otherwise, I don't know, if you can recommend an alternative program to Gmer maybe that's better
Next: this is what comes up from the RootkitRevealer scan:
http://www.margotband.com/rootkit.jpg
I had to post a screenshot because if I try to "save" once the Rootkit scan has finished, it freezes and doesn't save anything

Help :(
wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by Luke57 » 28/08/06 15:30

Hi, try Gmer from Safe Mode (logs from the rootkit section and from the autostart section)
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by lucas/s » 28/08/06 15:55

With the new variant, either all the programs work or none of them do; the malware is active in Safe Mode too, so in theory gmer shouldn't work in Safe Mode, yet it works for you. Delete the files listed below
C:\Windows\gmer.dll
C:\Windows\gmer.exe
C:\Windows\gmer.ini
C:\Windows\gmer.log
C:\Windows\System32\drivers\gmer.sys

Click Start > Settings > Control Panel > System > click the "Hardware" tab, then click "Device Manager"
Click "View" and select the "Show hidden devices" option; the device list will refresh, so wait. Now click the + next to "Non-Plug and Play Drivers": the list opens, scroll through it and you will see the Gmer entry. Select the entry, right-click and choose Uninstall; it will ask you to restart, so restart and try using gmer again

Bye
lucas/s
Senior User
 
Posts: 224
Joined: 04/02/06 00:33

Post by wwwmagnottait » 28/08/06 16:20

done.... but even this way Gmer doesn't work, and it reboots my PC
lacking a similar program that does the same job as Gmer, I'll try in Safe Mode....
wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by wwwmagnottait » 28/08/06 17:07

here are the Gmer logs in Safe Mode
I hope they're useful


GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-28 17:51:29
Windows 4.10.67766446


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\:xpsp1hff.log

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
PowerManager /*Power Manager*/@ = C:\WINDOWS\svchost.exe /*file not found*/
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@kX Mixer = C:\WINDOWS\system32\kxmixer.exe --startup

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@PeerGuardianC:\Programmi\PeerGuardian2\pg2.exe = C:\Programmi\PeerGuardian2\pg2.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%system%\webcheck.dll /*file not found*/ = %system%\webcheck.dll /*file not found*/
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%system%\webcheck.dll /*file not found*/ = %system%\webcheck.dll /*file not found*/
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{709C6E11-538F-4759-86AC-6ACB302AA0DE} /*Desktop Manager*/C:\WINDOWS\System32\msvdm.dll = C:\WINDOWS\System32\msvdm.dll
@(null) =
@{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} /*PhotoToys*/C:\WINDOWS\System32\phototoys.dll = C:\WINDOWS\System32\phototoys.dll
@{efb97cb8-a4a4-4357-a261-002ffaed0267} /*CD Slideshow Powertoy*/C:\WINDOWS\System32\slideshow.dll = C:\WINDOWS\System32\slideshow.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{F802F260-519B-11D1-BB5D-0060974C6013} /*ICQ Shell Extension*/E:\Utility\icq2003\ICQShExt.dll = E:\Utility\icq2003\ICQShExt.dll
@{8f7261d0-d2b9-11d2-9909-00605205b24c} /*CuteFTP Shell Extension*/E:\UTILITY\CUTEFTP\CuteShell.dll = E:\UTILITY\CUTEFTP\CuteShell.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealOne Player\rpshell.dll = C:\Programmi\Real\RealOne Player\rpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{CA1526B3-2D7E-11d4-B07F-0050DA5BB3E6} /*Fotocamera Agfa*/C:\Programmi\Agfa\AgfaCam\AgfaCam.dll = C:\Programmi\Agfa\AgfaCam\AgfaCam.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{64BC5640-700F-4E7E-8462-D3092DD74B0F} /*VDMSound LaunchPad*/C:\Programmi\VDMSound\LaunchPad.dll = C:\Programmi\VDMSound\LaunchPad.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AntiVir/Win@{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programmi\AVPersonal\AVShlExt.DLL
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = E:\UTILITY\CUTEFTP\CuteShell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = E:\UTILITY\CUTEFTP\CuteShell.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AntiVir/Win@{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programmi\AVPersonal\AVShlExt.DLL
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{832AED3B-C509-1533-97BB-840EAB6BEDC8}C:\WINDOWS\wjhme1.dll = C:\WINDOWS\wjhme1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = none /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.10 ----

************************************************************

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-28 17:53:47
Windows 4.10.67766446


---- System - GMER 1.0.10 ----

SSDT d346bus.sys ZwClose
SSDT d346bus.sys ZwCreateKey
SSDT d346bus.sys ZwCreatePagingFile
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT d346bus.sys ZwOpenFile
SSDT d346bus.sys ZwOpenKey
SSDT d346bus.sys ZwQueryKey
SSDT d346bus.sys ZwQueryValueKey
SSDT d346bus.sys ZwSetSystemPowerState

wwwmagnottait
Junior User

Posts: 21
Joined: 25/08/06 13:52

Post by wwwmagnottait » 28/08/06 17:09

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-28 17:53:47
Windows 4.10.67766446


---- System - GMER 1.0.10 ----

SSDT d346bus.sys ZwClose
SSDT d346bus.sys ZwCreateKey
SSDT d346bus.sys ZwCreatePagingFile
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT d346bus.sys ZwOpenFile
SSDT d346bus.sys ZwOpenKey
SSDT d346bus.sys ZwQueryKey
SSDT d346bus.sys ZwQueryValueKey
SSDT d346bus.sys ZwSetSystemPowerState

INT 0x80 \WINDOWS\system32\ntoskrnl.exe 804DE010
INT 0x81 \WINDOWS\system32\ntoskrnl.exe 804DE01A
INT 0x84 \WINDOWS\system32\ntoskrnl.exe 804DE038
INT 0x85 \WINDOWS\system32\ntoskrnl.exe 804DE042
INT 0x86 \WINDOWS\system32\ntoskrnl.exe 804DE04C
INT 0x87 \WINDOWS\system32\ntoskrnl.exe 804DE056
INT 0x88 \WINDOWS\system32\ntoskrnl.exe 804DE060
INT 0x89 \WINDOWS\system32\ntoskrnl.exe 804DE06A
INT 0x8A \WINDOWS\system32\ntoskrnl.exe 804DE074
INT 0x8B \WINDOWS\system32\ntoskrnl.exe 804DE07E
INT 0x8C \WINDOWS\system32\ntoskrnl.exe 804DE088
INT 0x8D \WINDOWS\system32\ntoskrnl.exe 804DE092
INT 0x8E \WINDOWS\system32\ntoskrnl.exe 804DE09C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe 804DE0A6
INT 0x90 \WINDOWS\system32\ntoskrnl.exe 804DE0B0
INT 0x91 \WINDOWS\system32\ntoskrnl.exe 804DE0BA
INT 0x92 \WINDOWS\system32\ntoskrnl.exe 804DE0C4
INT 0x94 \WINDOWS\system32\ntoskrnl.exe 804DE0D8
INT 0x95 \WINDOWS\system32\ntoskrnl.exe 804DE0E2
INT 0x96 \WINDOWS\system32\ntoskrnl.exe 804DE0EC
INT 0x97 \WINDOWS\system32\ntoskrnl.exe 804DE0F6
INT 0x98 \WINDOWS\system32\ntoskrnl.exe 804DE100
INT 0x99 \WINDOWS\system32\ntoskrnl.exe 804DE10A
INT 0x9A \WINDOWS\system32\ntoskrnl.exe 804DE114
INT 0x9B \WINDOWS\system32\ntoskrnl.exe 804DE11E
INT 0x9C \WINDOWS\system32\ntoskrnl.exe 804DE128
INT 0x9D \WINDOWS\system32\ntoskrnl.exe 804DE132
INT 0x9E \WINDOWS\system32\ntoskrnl.exe 804DE13C
INT 0x9F \WINDOWS\system32\ntoskrnl.exe 804DE146
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe 804DE150
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe 804DE15A
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe 804DE164
INT 0xA4 \WINDOWS\system32\ntoskrnl.exe 804DE178
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe 804DE182
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe 804DE18C
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe 804DE196
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe 804DE1A0
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe 804DE1AA
INT 0xAA \WINDOWS\system32\ntoskrnl.exe 804DE1B4
INT 0xAB \WINDOWS\system32\ntoskrnl.exe 804DE1BE
INT 0xAC \WINDOWS\system32\ntoskrnl.exe 804DE1C8
INT 0xAD \WINDOWS\system32\ntoskrnl.exe 804DE1D2
INT 0xAE \WINDOWS\system32\ntoskrnl.exe 804DE1DC
INT 0xAF \WINDOWS\system32\ntoskrnl.exe 804DE1E6
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe 804DE1F0
INT 0xB2 \WINDOWS\system32\ntoskrnl.exe 804DE204
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe 804DE20E
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe 804DE222
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe 804DE22C
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe 804DE236
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe 804DE240
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe 804DE24A
INT 0xBA \WINDOWS\system32\ntoskrnl.exe 804DE254
INT 0xBB \WINDOWS\system32\ntoskrnl.exe 804DE25E
INT 0xBC \WINDOWS\system32\ntoskrnl.exe 804DE268
INT 0xBD \WINDOWS\system32\ntoskrnl.exe 804DE272
INT 0xBE \WINDOWS\system32\ntoskrnl.exe 804DE27C
INT 0xBF \WINDOWS\system32\ntoskrnl.exe 804DE286
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe 804DE290
INT 0xC1 \WINDOWS\system32\hal.dll 806ED984
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe 804DE2A4
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe 804DE2AE
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe 804DE2B8
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe 804DE2C2
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe 804DE2CC
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe 804DE2D6
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe 804DE2E0
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe 804DE2EA
INT 0xCA \WINDOWS\system32\ntoskrnl.exe 804DE2F4
INT 0xCB \WINDOWS\system32\ntoskrnl.exe 804DE2FE
INT 0xCC \WINDOWS\system32\ntoskrnl.exe 804DE308
INT 0xCD \WINDOWS\system32\ntoskrnl.exe 804DE312
INT 0xCE \WINDOWS\system32\ntoskrnl.exe 804DE31C
INT 0xCF \WINDOWS\system32\ntoskrnl.exe 804DE326
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe 804DE330
INT 0xD1 \WINDOWS\system32\hal.dll 806ECD34
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe 804DE344
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe 804DE34E
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe 804DE358
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe 804DE362
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe 804DE36C
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe 804DE376
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe 804DE380
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe 804DE38A
INT 0xDA \WINDOWS\system32\ntoskrnl.exe 804DE394
INT 0xDB \WINDOWS\system32\ntoskrnl.exe 804DE39E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe 804DE3A8
INT 0xDD \WINDOWS\system32\ntoskrnl.exe 804DE3B2
INT 0xDE \WINDOWS\system32\ntoskrnl.exe 804DE3BC
INT 0xDF \WINDOWS\system32\ntoskrnl.exe 804DE3C6
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe 804DE3D0
INT 0xE1 \WINDOWS\system32\hal.dll 806EDF0C
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe 804DE3E4
INT 0xE3 \WINDOWS\system32\hal.dll 806EDC70
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe 804DE3F8
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe 804DE402
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe 804DE40C
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe 804DE416
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe 804DE420
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe 804DE42A
INT 0xEA \WINDOWS\system32\ntoskrnl.exe 804DE434
INT 0xEB \WINDOWS\system32\ntoskrnl.exe 804DE43E
INT 0xEC \WINDOWS\system32\ntoskrnl.exe 804DE448
INT 0xED \WINDOWS\system32\ntoskrnl.exe 804DE452
INT 0xEE \WINDOWS\system32\ntoskrnl.exe 804DE459
INT 0xEF \WINDOWS\system32\ntoskrnl.exe 804DE460
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe 804DE467
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe 804DE46E
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe 804DE475
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe 804DE47C
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe 804DE483
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe 804DE48A
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe 804DE491
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe 804DE498
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe 804DE49F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe 804DE4A6
INT 0xFA \WINDOWS\system32\ntoskrnl.exe 804DE4AD
INT 0xFB \WINDOWS\system32\ntoskrnl.exe 804DE4B4
INT 0xFC \WINDOWS\system32\ntoskrnl.exe 804DE4BB
INT 0xFD \WINDOWS\system32\hal.dll 806EE464
INT 0xFE \WINDOWS\system32\hal.dll 806EE604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe 804DE4D0

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DE6F0

---- Devices - GMER 1.0.10 ----

wwwmagnottait
Junior User

Posts: 21
Joined: 25/08/06 13:52

Posted by Luke57 » 28/08/06 17:12

Hi, did you leave out part of the Gmer log from the rootkit section? Maybe the final part.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Posted by wwwmagnottait » 28/08/06 17:44

---- Processes - GMER 1.0.10 ----

Process Sytem Idle (*** hidden *** ) 0 <-- ROOTKIT !!!
Process System (*** hidden *** ) 4 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\scecli.dll 0x74390000

Process C:\WINDOWS\system32\svchost.exe 740
Library C:\WINDOWS\system32\svchost.exe 0x01000000
Library C:\WINDOWS\system32\ntdll.dll 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll 0x77F40000
Library C:\WINDOWS\system32\RPCRT4.dll 0x77DA0000
Library C:\WINDOWS\system32\ShimEng.dll 0x5CF90000
Library C:\WINDOWS\AppPatch\AcGenral.DLL 0x596B0000
Library C:\WINDOWS\system32\USER32.dll 0x77D10000
Library C:\WINDOWS\system32\GDI32.dll 0x77E40000
Library C:\WINDOWS\system32\WINMM.dll 0x76B00000
Library C:\WINDOWS\system32\ole32.dll 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll 0x7C9D0000
Library C:\WINDOWS\system32\SHLWAPI.dll 0x77E90000
Library C:\WINDOWS\system32\USERENV.dll 0x76980000
Library C:\WINDOWS\system32\UxTheme.dll 0x5B180000
Library C:\WINDOWS\system32\IMM32.DLL 0x76340000
Library C:\WINDOWS\system32\LPK.DLL 0x62E40000
Library C:\WINDOWS\system32\USP10.dll 0x74D20000
Library C:\WINDOWS\system32\serwvdrv.dll 0x5D190000
Library C:\WINDOWS\system32\umdmxfrm.dll 0x5B4B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll 0x5D4D0000
Library C:\WINDOWS\system32\NTMARTA.DLL 0x77660000
Library C:\WINDOWS\system32\WLDAP32.dll 0x76F20000
Library C:\WINDOWS\system32\SAMLIB.dll 0x71B80000
Library c:\windows\system32\rpcss.dll 0x76A40000
Library c:\windows\system32\Secur32.dll 0x77F10000
Library c:\windows\system32\WS2_32.dll 0x71A30000
Library c:\windows\system32\WS2HELP.dll 0x71A20000
Library C:\WINDOWS\system32\xpsp2res.dll 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll 0x77010000

Process C:\WINDOWS\system32\svchost.exe 788
Library C:\WINDOWS\system32\svchost.exe 0x01000000
Library C:\WINDOWS\system32\ntdll.dll 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll 0x77F40000
Library C:\WINDOWS\system32\RPCRT4.dll 0x77DA0000
Library C:\WINDOWS\system32\ShimEng.dll 0x5CF90000
Library C:\WINDOWS\AppPatch\AcGenral.DLL 0x596B0000
Library C:\WINDOWS\system32\USER32.dll 0x77D10000
Library C:\WINDOWS\system32\GDI32.dll 0x77E40000
Library C:\WINDOWS\system32\WINMM.dll 0x76B00000
Library C:\WINDOWS\system32\ole32.dll 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll 0x7C9D0000
Library C:\WINDOWS\system32\SHLWAPI.dll 0x77E90000
Library C:\WINDOWS\system32\USERENV.dll 0x76980000
Library C:\WINDOWS\system32\UxTheme.dll 0x5B180000
Library C:\WINDOWS\system32\IMM32.DLL 0x76340000
Library C:\WINDOWS\system32\LPK.DLL 0x62E40000
Library C:\WINDOWS\system32\USP10.dll 0x74D20000
Library C:\WINDOWS\system32\serwvdrv.dll 0x5D190000
Library C:\WINDOWS\system32\umdmxfrm.dll 0x5B4B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll 0x5D4D0000
Library c:\windows\system32\rpcss.dll 0x76A40000
Library c:\windows\system32\Secur32.dll 0x77F10000
Library c:\windows\system32\WS2_32.dll 0x71A30000
Library c:\windows\system32\WS2HELP.dll 0x71A20000
Library C:\WINDOWS\system32\xpsp2res.dll 0x20000000
Library C:\WINDOWS\system32\rsaenh.dll 0x0FFD0000
Library C:\WINDOWS\system32\mswsock.dll 0x719D0000
Library C:\WINDOWS\system32\hnetcfg.dll 0x66750000
Library C:\WINDOWS\System32\wshtcpip.dll 0x71A10000
Library C:\WINDOWS\system32\DNSAPI.dll 0x76EE0000
Library C:\WINDOWS\system32\iphlpapi.dll 0x76D20000
Library C:\WINDOWS\System32\winrnr.dll 0x76F70000
Library C:\WINDOWS\system32\WLDAP32.dll 0x76F20000
Library C:\WINDOWS\system32\rasadhlp.dll 0x76F80000
Library C:\WINDOWS\system32\CLBCATQ.DLL 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll 0x77010000

Process C:\WINDOWS\system32\svchost.exe 860
Library C:\WINDOWS\system32\svchost.exe 0x01000000
Library C:\WINDOWS\system32\ntdll.dll 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll 0x77F40000
Library C:\WINDOWS\system32\RPCRT4.dll 0x77DA0000
Library C:\WINDOWS\system32\ShimEng.dll 0x5CF90000
Library C:\WINDOWS\AppPatch\AcGenral.DLL 0x596B0000
Library C:\WINDOWS\system32\USER32.dll 0x77D10000
Library C:\WINDOWS\system32\GDI32.dll 0x77E40000
Library C:\WINDOWS\system32\WINMM.dll 0x76B00000
Library C:\WINDOWS\system32\ole32.dll 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll 0x7C9D0000
Library C:\WINDOWS\system32\SHLWAPI.dll 0x77E90000
Library C:\WINDOWS\system32\USERENV.dll 0x76980000
Library C:\WINDOWS\system32\UxTheme.dll 0x5B180000
Library C:\WINDOWS\system32\IMM32.DLL 0x76340000
Library C:\WINDOWS\system32\LPK.DLL 0x62E40000
Library C:\WINDOWS\system32\USP10.dll 0x74D20000
Library C:\WINDOWS\system32\serwvdrv.dll 0x5D190000
Library C:\WINDOWS\system32\umdmxfrm.dll 0x5B4B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll 0x5D4D0000
Library C:\WINDOWS\system32\NTMARTA.DLL 0x77660000
Library C:\WINDOWS\system32\WLDAP32.dll 0x76F20000
Library C:\WINDOWS\system32\SAMLIB.dll 0x71B80000
Library C:\WINDOWS\system32\xpsp2res.dll 0x20000000
Library c:\windows\system32\cryptsvc.dll 0x76CD0000
Library C:\WINDOWS\system32\WINTRUST.dll 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll 0x77AF0000
Library C:\WINDOWS\system32\IMAGEHLP.dll 0x76C50000
Library c:\windows\system32\certcli.dll 0x76B30000
Library c:\windows\system32\ATL.DLL 0x76AE0000
Library c:\windows\system32\Secur32.dll 0x77F10000
Library C:\WINDOWS\system32\NETAPI32.dll 0x5BC70000
Library C:\WINDOWS\system32\CRYPTUI.dll 0x76890000
Library C:\WINDOWS\system32\WININET.dll 0x77180000
Library c:\windows\system32\ESENT.dll 0x5E270000
Library c:\windows\system32\wbem\wmisvc.dll 0x4F120000
Library C:\WINDOWS\system32\VSSAPI.DLL 0x75370000
Library c:\windows\system32\srsvc.dll 0x75130000
Library c:\windows\system32\POWRPROF.dll 0x74A60000
Library C:\WINDOWS\system32\CLBCATQ.DLL 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll 0x77010000
Library c:\windows\pchealth\helpctr\binaries\pchsvc.dll 0x74ED0000
Library C:\WINDOWS\system32\WINSTA.dll 0x76310000
Library c:\windows\system32\dmserver.dll 0x74F20000
Library c:\windows\system32\SETUPAPI.dll 0x778F0000

Process C:\WINDOWS\Explorer.EXE 1100
Library C:\WINDOWS\Explorer.EXE 0x01000000
Library C:\WINDOWS\system32\ntdll.dll 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll 0x77BE0000
Library C:\WINDOWS\system32\ADVAPI32.dll 0x77F40000
Library C:\WINDOWS\system32\RPCRT4.dll 0x77DA0000
Library C:\WINDOWS\system32\GDI32.dll 0x77E40000
Library C:\WINDOWS\system32\USER32.dll 0x77D10000
Library C:\WINDOWS\system32\SHLWAPI.dll 0x77E90000
Library C:\WINDOWS\system32\SHELL32.dll 0x7C9D0000
Library C:\WINDOWS\system32\ole32.dll 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll 0x770F0000
Library C:\WINDOWS\system32\BROWSEUI.dll 0x75F30000
Library C:\WINDOWS\system32\SHDOCVW.dll 0x77730000
Library C:\WINDOWS\system32\CRYPT32.dll 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll 0x77AF0000
Library C:\WINDOWS\system32\CRYPTUI.dll 0x76890000
Library C:\WINDOWS\system32\WINTRUST.dll 0x76BF0000
Library C:\WINDOWS\system32\IMAGEHLP.dll 0x76C50000
Library C:\WINDOWS\system32\NETAPI32.dll 0x5BC70000
Library C:\WINDOWS\system32\WININET.dll 0x77180000
Library C:\WINDOWS\system32\WLDAP32.dll 0x76F20000
Library C:\WINDOWS\system32\VERSION.dll 0x77BD0000
Library C:\WINDOWS\system32\UxTheme.dll 0x5B180000
Library C:\WINDOWS\system32\ShimEng.dll 0x5CF90000
Library C:\WINDOWS\AppPatch\AcGenral.DLL 0x596B0000
Library C:\WINDOWS\system32\WINMM.dll 0x76B00000
Library C:\WINDOWS\system32\MSACM32.dll 0x77BB0000
Library C:\WINDOWS\system32\USERENV.dll 0x76980000
Library C:\WINDOWS\system32\IMM32.DLL 0x76340000
Library C:\WINDOWS\system32\LPK.DLL 0x62E40000
Library C:\WINDOWS\system32\USP10.dll 0x74D20000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll 0x5D4D0000
Library C:\WINDOWS\system32\serwvdrv.dll 0x5D190000
Library C:\WINDOWS\system32\umdmxfrm.dll 0x5B4B0000
Library C:\WINDOWS\system32\msctfime.ime 0x752E0000
Library C:\WINDOWS\system32\appHelp.dll 0x77B10000
Library C:\WINDOWS\system32\CLBCATQ.DLL 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll 0x77010000
Library C:\WINDOWS\System32\cscui.dll 0x779F0000
Library C:\WINDOWS\System32\CSCDLL.dll 0x765B0000
Library C:\WINDOWS\System32\themeui.dll 0x5BA40000
Library C:\WINDOWS\System32\Secur32.dll 0x77F10000
Library C:\WINDOWS\System32\MSIMG32.dll 0x76330000
Library C:\WINDOWS\system32\xpsp2res.dll 0x20000000
Library C:\WINDOWS\system32\LINKINFO.dll 0x76940000
Library C:\WINDOWS\system32\ntshrui.dll 0x76950000
Library C:\WINDOWS\system32\ATL.DLL 0x76AE0000
Library C:\WINDOWS\system32\MPR.dll 0x71AA0000
Library C:\WINDOWS\System32\drprov.dll 0x75F10000
Library C:\WINDOWS\System32\ntlanman.dll 0x71BA0000
Library C:\WINDOWS\System32\NETUI0.dll 0x71C60000
Library C:\WINDOWS\System32\NETUI1.dll 0x71C20000
Library C:\WINDOWS\System32\NETRAP.dll 0x71C10000
Library C:\WINDOWS\System32\SAMLIB.dll 0x71B80000
Library C:\WINDOWS\System32\davclnt.dll 0x75F20000
Library C:\WINDOWS\system32\WINSTA.dll 0x76310000
Library C:\WINDOWS\System32\shmedia.dll 0x5CEF0000
Library C:\WINDOWS\System32\MSVFW32.dll 0x75DF0000
Library C:\WINDOWS\System32\AVIFIL32.dll 0x73AC0000
Library C:\WINDOWS\system32\wmvcore.dll 0x086C0000
Library C:\WINDOWS\system32\WMASF.DLL 0x070D0000
Library C:\WINDOWS\System32\mlang.dll 0x75D50000
Library C:\WINDOWS\system32\browselc.dll 0x00BB0000
Library C:\WINDOWS\system32\urlmon.dll 0x77230000
Library C:\Programmi\Microsoft Office\Office10\msohev.dll 0x32520000
Library C:\WINDOWS\system32\msi.dll 0x745E0000
Library C:\Programmi\VDMSound\LaunchPad.dll 0x10000000
Library C:\WINDOWS\system32\comdlg32.dll 0x76360000
Library C:\WINDOWS\system32\WINSPOOL.DRV 0x72F70000
Library C:\WINDOWS\system32\DSOUND.dll 0x73E80000
Library C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll 0x014A0000

Process E:\gmer.exe 1208
Library E:\gmer.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll 0x7C800000
Library C:\WINDOWS\system32\USER32.DLL 0x77D10000
Library C:\WINDOWS\system32\GDI32.dll 0x77E40000
Library C:\WINDOWS\system32\COMCTL32.DLL 0x5D4D0000
Library C:\WINDOWS\system32\ADVAPI32.dll 0x77F40000
Library C:\WINDOWS\system32\RPCRT4.dll 0x77DA0000
Library C:\WINDOWS\system32\ShimEng.dll 0x5CF90000
Library C:\WINDOWS\AppPatch\AcLayers.DLL 0x71600000
Library C:\WINDOWS\system32\SHELL32.dll 0x7C9D0000
Library C:\WINDOWS\system32\msvcrt.dll 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll 0x77E90000
Library C:\WINDOWS\system32\ole32.dll 0x774B0000
Library C:\WINDOWS\system32\USERENV.dll 0x76980000
Library C:\WINDOWS\system32\WINSPOOL.DRV 0x72F70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL 0x596B0000
Library C:\WINDOWS\system32\WINMM.dll 0x76B00000
Library C:\WINDOWS\system32\OLEAUT32.dll 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll 0x77BD0000
Library C:\WINDOWS\system32\UxTheme.dll 0x5B180000
Library C:\WINDOWS\system32\IMM32.DLL 0x76340000
Library C:\WINDOWS\system32\LPK.DLL 0x62E40000
Library C:\WINDOWS\system32\USP10.dll 0x74D20000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x773A0000
Library C:\WINDOWS\system32\serwvdrv.dll 0x5D190000
Library C:\WINDOWS\system32\umdmxfrm.dll 0x5B4B0000
Library C:\WINDOWS\system32\Secur32.dll 0x77F10000
Library C:\WINDOWS\system32\OLEPRO32.DLL 0x5F210000
Library C:\WINDOWS\gmer.dll 0x07200000
Library C:\WINDOWS\system32\apphelp.dll 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime 0x752E0000

wwwmagnottait
Junior User
 
Posts: 21
Joined: 25/08/06 13:52

Post by wwwmagnottait » 28/08/06 17:45

---- Modules - GMER 1.0.10 ----

Module \WINDOWS\system32\ntoskrnl.exe 804D7000
Module \WINDOWS\system32\hal.dll 806EC000
Module \WINDOWS\system32\KDCOM.DLL F7AEF000
Module \WINDOWS\system32\BOOTVID.dll F79FF000
Module xmasbus.sys F75AB000
Module d346bus.sys F7584000
Module ACPI.sys F7556000
Module \WINDOWS\System32\DRIVERS\WMILIB.SYS F7AF1000
Module pci.sys F7545000
Module isapnp.sys F75EF000
Module ohci1394.sys F75FF000
Module \WINDOWS\System32\DRIVERS\1394BUS.SYS F760F000
Module pciide.sys F7BB7000
Module \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F786F000
Module MountMgr.sys F761F000
Module ftdisk.sys F7526000
Module dmload.sys F7AF3000
Module dmio.sys F7500000
Module PartMgr.sys F7877000
Module VolSnap.sys F762F000
Module atapi.sys F74E8000
Module si3112r.sys F74D0000
Module \WINDOWS\system32\drivers\SCSIPORT.SYS F74B8000
Module nvatabus.sys F74A4000
Module d346prt.sys F7AF5000
Module xmasscsi.sys F7AF7000
Module SiWinAcc.sys F7A03000
Module disk.sys F763F000
Module \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F764F000
Module fltmgr.sys F7485000
Module PxHelp20.sys F787F000
Module PQV2i.sys F746F000
Module TPkd.sys F765F000
Module KSecDD.sys F7458000
Module Ntfs.sys F73CB000
Module NDIS.sys F739E000
Module parport.sys F738A000
Module sfhlp01.sys F7AF9000
Module prosync1.sys F7AFB000
Module prohlp02.sys F766F000
Module nv_agp.sys F7887000
Module Mup.sys F736F000
Module \SystemRoot\System32\DRIVERS\usbohci.sys F7967000
Module \SystemRoot\System32\DRIVERS\USBPORT.SYS F7293000
Module \SystemRoot\System32\DRIVERS\usbehci.sys F7997000
Module \SystemRoot\System32\DRIVERS\imapi.sys F769F000
Module \SystemRoot\system32\drivers\pfc.sys F7347000
Module \SystemRoot\System32\DRIVERS\cdrom.sys F76AF000
Module \SystemRoot\System32\DRIVERS\redbook.sys F76BF000
Module \SystemRoot\System32\DRIVERS\ks.sys F7270000
Module \SystemRoot\System32\Drivers\Asapi.SYS F79E7000
Module \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys F79EF000
Module \SystemRoot\System32\DRIVERS\fdc.sys F78AF000
Module \SystemRoot\System32\DRIVERS\i8042prt.sys F76CF000
Module \SystemRoot\System32\DRIVERS\IPFilter.sys F732B000
Module \SystemRoot\System32\DRIVERS\mouclass.sys F78CF000
Module \SystemRoot\System32\DRIVERS\kbdclass.sys F78DF000
Module \SystemRoot\System32\DRIVERS\rdpdr.sys F723F000
Module \SystemRoot\System32\DRIVERS\termdd.sys F76DF000
Module \SystemRoot\System32\DRIVERS\swenum.sys F7B01000
Module \SystemRoot\System32\DRIVERS\update.sys F71E3000
Module \SystemRoot\System32\DRIVERS\mssmbios.sys F72EA000
Module \SystemRoot\system32\DRIVERS\cledx.sys F76EF000
Module \SystemRoot\System32\DRIVERS\usbhub.sys F76FF000
Module \SystemRoot\System32\DRIVERS\USBD.SYS F7B05000
Module \SystemRoot\System32\DRIVERS\flpydisk.sys F798F000
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS F7B09000
Module \SystemRoot\System32\Drivers\Null.SYS F7C86000
Module \SystemRoot\System32\Drivers\Beep.SYS F7B0D000
Module \SystemRoot\System32\drivers\vga.sys F79B7000
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS F71CF000
Module \SystemRoot\System32\Drivers\Msfs.SYS F79D7000
Module \SystemRoot\System32\Drivers\Npfs.SYS F79F7000
Module \SystemRoot\System32\Drivers\Fastfat.SYS F70EC000
Module \SystemRoot\System32\DRIVERS\hidusb.sys F716B000
Module \SystemRoot\System32\DRIVERS\HIDCLASS.SYS F772F000
Module \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F796F000
Module \SystemRoot\System32\Drivers\Cdfs.SYS F781F000
Module \SystemRoot\System32\win32k.sys BF800000
Module \SystemRoot\System32\drivers\Dxapi.sys F7024000
Module \SystemRoot\System32\watchdog.sys F795F000
Module \SystemRoot\System32\drivers\dxg.sys BF9C2000
Module \SystemRoot\System32\drivers\dxgthk.sys F7C68000
Module \SystemRoot\System32\framebuf.dll BFF70000
Module \SystemRoot\System32\DRIVERS\gmer.sys F6D3C000
Module \WINDOWS\system32\ntdll.dll 7C910000

---- Services - GMER 1.0.10 ----

Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [SYSTEM] AmdK7
Service System32\DRIVERS\amgm.sys [MANUAL] AMGM
Service [DISABLED] amsint
Service C:\Programmi\AVPersonal\AVGUARD.EXE [DISABLED] AntiVirService
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394
Service [SYSTEM] Asapi
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service [AUTO] Aspi32
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [DISABLED] aspnet_state
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller
Service C:\WINDOWS\system32\ati2sgag.exe [DISABLED] ATI Smart
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag
Service C:\Programmi\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [SYSTEM] atitray
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [MANUAL] Avg7Alrt
Service C:\WINDOWS\System32\Drivers\avg7core.sys [SYSTEM] Avg7Core
Service C:\WINDOWS\System32\Drivers\avg7rsw.sys [SYSTEM] Avg7RsW
Service C:\WINDOWS\System32\Drivers\avg7rsxp.sys [SYSTEM] Avg7RsXP
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [MANUAL] Avg7UpdSvc
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [DISABLED] AVGEMS
Service C:\Programmi\AVPersonal\AVGNTDW.SYS [MANUAL] avgntdw
Service C:\WINDOWS\System32\Drivers\avgtdi.sys [AUTO] AvgTdi
Service C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe [DISABLED] AVPCC
Service C:\Programmi\File comuni\KAV Shared Files\avpg.sys [AUTO] avpg
Service C:\Programmi\AVPersonal\AVWUPSRV.EXE [DISABLED] AVWUpSrv
Service [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS
Service C:\WINDOWS\System32\DRIVERS\bridge.sys [MANUAL] Bridge
Service C:\WINDOWS\System32\DRIVERS\bridge.sys [MANUAL] BridgeMP
Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc
Service C:\WINDOWS\system32\DRIVERS\cledx.sys [MANUAL] CLEDX
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service System32\Drivers\CoachWdm.sys [AUTO] CoachWdm
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\System32\DRIVERS\d346bus.sys [BOOT] d346bus
Service C:\WINDOWS\System32\Drivers\d346prt.sys [BOOT] d346prt
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\DRIVERS\EPPSCAN.sys [MANUAL] EPPSCSIx
Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service C:\Programmi\ewido anti-spyware 4.0\guard.sys [SYSTEM] ewido anti-spyware 4.0 driver
Service C:\Programmi\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [DISABLED] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\DOCUME~1\Manuel\IMPOST~1\Temp\FKSOB.exe [MANUAL] FKSOB
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\DOCUME~1\Manuel\IMPOST~1\Temp\G.exe [MANUAL] G
Service C:\WINDOWS\System32\Drivers\G11av.sys [AUTO] G11AV
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\system32\DRIVERS\GcKernel.sys [MANUAL] GcKernel
Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [MANUAL] GEARAspiWDM
Service C:\WINDOWS\System32\GEARSec.exe [DISABLED] GEARSecurity
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\DRIVERS\hidgame.sys [MANUAL] hidgame
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [MANUAL] HIDSwvd
Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT
Service C:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe [DISABLED] ImapiService
Service [DISABLED] ini910u
Service [DISABLED] IntelIde
Service C:\WINDOWS\System32\Fast.exe [DISABLED] InteractiveLogon
Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\IPFilter.sys [MANUAL] IPFilter
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service System32\DRIVERS\ATL_95a2.sys [MANUAL] itexadsla2
Service C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe [DISABLED] KAVMonitorService
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\system32\drivers\kx.sys [MANUAL] kxwdmdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\drivers\MODEMCSA.sys [MANUAL] MODEMCSA
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service C:\DOCUME~1\Manuel\IMPOST~1\Temp\MPGYJ.exe [MANUAL] MPGYJ
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\System32\DRIVERS\msgame.sys [MANUAL] msgame
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [BOOT] NDIS
wwwmagnottait
Junior User
Posts: 21
Joined: 25/08/06 13:52

Post by lucas/s » 28/08/06 18:10

Did you check whether Avenger works?
Please try it, otherwise it's trouble, even though on a PC I infected everything works, hmm. Bye
lucas/s
Senior User
Posts: 224
Joined: 04/02/06 00:33

Post by wwwmagnottait » 28/08/06 18:14

Yes, Avenger works for me
wwwmagnottait
Junior User
Posts: 21
Joined: 25/08/06 13:52

Post by lucas/s » 28/08/06 18:15

Hallelujah :D :D
Give me 2/3 days to post the instructions for you :P
lucas/s
Senior User
Posts: 224
Joined: 04/02/06 00:33

Post by lucas/s » 28/08/06 18:20

Download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive

Run the file avenger.exe
Select the "Input Script Manually" option
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in red


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Click the Done button
Click the green traffic light icon
Answer Yes
The PC should reboot on its own; if it doesn't, reboot it manually

Once the PC has rebooted, log on and post the contents of the file C:\Avenger.txt

Bye

PS: Download this file to the desktop
http://www.merijn.org/files/adsspy.zip
Unzip the archive, start the program, remove all the check marks present and tick only the "Scan only this folder" box, click the small button and select the hard disk to scan, then click "Scan the system etc." to start the scan
At the end of the scan you should see this value
C:\:xpsp1hff.log
Tick the box that corresponds to the value and click "Remove selected streams"

PPS: Click Start > Run, type control userpasswords2 in the box and click OK
A window opens; what names does it list??????
(aspnet, administrator, etc.)

Download this program to the desktop
http://download.bleepingcomputer.com/sUBs/combofix.exe
Run the file combofix.exe and follow the on-screen instructions; when the program has finished it will produce a log (C:\Combofix.txt); post it in your reply

PS: While the program is running do not use the mouse, otherwise the application may stall (freeze)
Bye
lucas/s
Senior User
Posts: 224
Joined: 04/02/06 00:33
