
...read several topics...but the problem persists.

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by shantyz » 06/01/07 22:10

Hi guys, I followed the topics about the executables that disappeared, the ones dealing with the file 9129837.exe and the one about the blue page; I analysed my HijackThis log on the site indicated and removed the entries that were at risk, I used RegSeeker and CCleaner and re-analysed the HijT log, but the problem persists.

Now I can no longer find the file 9129837 (the original problem, I suppose), but I still cannot reinstall avast and Zone Alarm.

I tried booting into safe mode: I get to the screen with the F8 key, select safe mode, then the operating system I want (the only one installed), then a series of lines scroll by in rapid succession, followed by the message "press esc to stop load sptd.sys"... I do nothing, and then the PC reboots, counts the RAM again and starts in normal mode...

I'm posting my latest log; I also have one from before the operations above.

Logfile of HijackThis v1.99.1
Scan saved at 21.29.42, on 06/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/a ... Atchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

I know how forums work, and before posting I tried on my own and I think I've made things worse... give me a hand please ;)
shantyz
Junior Member
Posts: 12
Joined: 06/01/07 19:49


Post by ainvar70 » 07/01/07 00:39

Hi,
try this.
Download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
(to delete temporary files)

Make hidden files and folders visible:
from My Computer > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files"
Click OK

Search for and delete the following file:
C:\WINDOWS\9129837.exe

Then start ATF Cleaner. Click the Main menu and then tick the Select All box. Now click the Empty Selected button and wait for the message Done Cleaning!.
Kind regards from AINVAR
ainvar70
Junior Member
Posts: 33
Joined: 02/09/06 22:55

Post by shantyz » 07/01/07 12:56

Good morning gentlemen,
the file C:\WINDOWS\9129837.exe is no longer there, or is no longer in that location.
I read that once it has made its dirty changes it changes its name; in any case it makes changes to the registry. How can I fix them?

Among other things, I noticed that Windows Media Player no longer opens and gives the following error: internal application error; moreover, the Windows file search function no longer opens.

I'm posting the latest log.

Logfile of HijackThis v1.99.1
Scan saved at 12.49.23, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/a ... Atchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
shantyz
Junior Member
Posts: 12
Joined: 06/01/07 19:49
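The poster's complaint is that his antivirus and firewall keep disappearing, and the second log above already contains the evidence: an O4 Run entry for avast! whose ashDisp.exe is not in the running-process list, and a ZoneAlarm service whose vsmon.exe is reported "(file missing)". The script below is an added example, not code from the thread or from HijackThis: it parses the process list, O4 Run entries and O23 services of a HijackThis log, flags autoruns whose image is not running and services whose file is missing, and diffs two logs to show what a "fix" removed. The sample text is an excerpt constructed from the two logs in the thread (trimmed, with the Yahoo! toolbar lines added back to reconstruct the earlier log); the heuristics are mine.

```python
"""Triage a HijackThis log: flag autoruns whose executable is not in the
process list, services reported "(file missing)", and diff two logs.
Added example; the sample text is an excerpt constructed from the logs
posted in the thread, not a fresh capture."""
import re

# Constructed sample: trimmed excerpt of the second log in the thread.
LOG_AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\MSN Messenger\msnmsgr.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)"""

# The earlier log in the thread additionally carried the Yahoo! toolbar entries.
LOG_BEFORE = LOG_AFTER + r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
# First token ending in an executable extension, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def exe_from_command(cmd):
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else cmd.strip()


def parse_hjt(text):
    """Return running-process basenames, O4 Run entries, O23 services and
    the set of all 'Oxx - ' / 'Rx - ' entry lines."""
    procs, runs, svcs, entries = set(), [], [], set()
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # a blank line closes the process list
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            procs.add(basename(line))
            continue
        if re.match(r"^[A-Z]\d+ - ", line):
            entries.add(line)
        m = RUN_RE.match(line)
        if m:
            runs.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = SVC_RE.match(line)
        if m:
            svcs.append((m.group(1), m.group(2), m.group(3), bool(m.group(4))))
    return {"processes": procs, "runs": runs, "services": svcs, "entries": entries}


def triage(text):
    """Shortlist: autoruns whose image is not running, services whose file is gone."""
    log = parse_hjt(text)
    findings = []
    for _hive, name, cmd in log["runs"]:
        exe = exe_from_command(cmd)
        if basename(exe) not in log["processes"]:
            findings.append(("autorun-not-running", name, exe))
    for name, _owner, path, missing in log["services"]:
        if missing:
            findings.append(("service-file-missing", name, path))
    return findings


def diff_logs(before, after):
    """Entry lines removed from / added to the log between two scans."""
    a, b = parse_hjt(before)["entries"], parse_hjt(after)["entries"]
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    for kind, name, path in triage(LOG_AFTER):
        print(f"{kind:22} {name:40} {path}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed since the earlier log:", *removed, sep="\n  ")
```

Run against the second log, it flags avast! (ashDisp.exe is registered to start but is not running) and the ZoneAlarm TrueVector service whose vsmon.exe is gone, which matches what the poster reports. It also flags NeroFilterCheck, a helper that runs at logon and exits, so the output is a shortlist to judge by hand, not a verdict. The diff shows that the earlier HijackThis "fix" removed only the two Yahoo! toolbar entries; nothing about the missing security tools changed between the two logs.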

Post by Luke57 » 07/01/07 13:06

Hi, that Windows Media Player error is generally not easy to fix. Try these two commands:
regsvr32 jscript.dll > OK
regsvr32 vbscript.dll > OK

Also, download Gmer from here: http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and run gmer.exe.
To enter Advanced, press the >>>> tab. Then choose the Rootkit tab, leave the default settings and run a full Scan. Before the scan, close all open programs and applications.
When it finishes, press the Copy button and paste the report into a text file.
Still in Gmer, move to the Autostart tab (do not tick the "show all" box) and press Scan. When the scan finishes, press Copy. Paste the report into the file you saved earlier, then paste the two reports into a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by shantyz » 07/01/07 13:11

Thanks a lot for the quick reply.

....I'll try Gmer right away; could you explain more clearly what you mean by trying the two commands you indicated?

Antivirus, firewall and SpyBot SD have disappeared ;)
shantyz
Junior Member
Posts: 12
Joined: 06/01/07 19:49

Post by shantyz » 07/01/07 13:34

Gmer result....

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-07 13:26:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 1D5 804E2831 3 Bytes [ 54, E3, BA ]
.text ntdll.dll!NtClose 7C91D586 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C91D754 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 7C91D793 5 Bytes JMP 72033FC8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86799C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86799C78
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 85F78CF0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 85F78CF0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BAE41230] vsdatant.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8679A418
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8679A418
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BAE41230] vsdatant.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E191AC30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E191AC30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E191AC30
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8679A6D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8679A6D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86438CF0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 864EEA70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 864EEA70
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86438CF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86438CF0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D396C1] prosync1.sys
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_CREATE 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_CLOSE 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_READ 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_WRITE 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_DEVICE_CONTROL 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76D6A6C] sfsync04.sys
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_POWER 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_SYSTEM_CONTROL 861910E8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_PNP 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CREATE 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CLOSE 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_READ 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_WRITE 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_DEVICE_CONTROL 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76D6A6C] sfsync04.sys
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_POWER 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_SYSTEM_CONTROL 861910E8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_PNP 861910E8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E13C62D8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E13C62D8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E13C62D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8614F2B8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8614F2B8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8614F2B8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8614F2B8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8614F2B8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8614F2B8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8614F2B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BAE41230] vsdatant.sys
Device \Driver\Tcpip \Device\
shantyz
Junior Member
Posts: 12
Joined: 06/01/07 19:49
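The SSDT section of the GMER report above is the part worth reading first: it lists which driver owns each hooked system-call entry, and the path tells you most of what you need. Two of the hookers are expected on this machine (vsdatant.sys is the TrueVector driver of the ZoneAlarm firewall listed as a service in the HijackThis log; sptd.sys is the disc-emulation driver the poster's boot message mentions). The third, m_hook.sys, is loaded from a user profile directory (Dati applicazioni\hidires), which is not where legitimate drivers live, and the calls it hooks (ZwQueryDirectoryFile, ZwEnumerateKey, ZwEnumerateValueKey, ZwQuerySystemInformation, plus ZwCreateFile and ZwQueryKey) are exactly the ones a driver needs to hide files, registry entries and processes from user-mode tools. The script below is an added example, not GMER's code or the thread's: it parses the SSDT and "Kernel code sections" parts of a report, ranks hooking modules by where they were loaded from, and decodes the inline patches. The sample is an excerpt constructed from the report posted above; the path classification and the kernel/user split at 0x80000000 (32-bit Windows XP, default 2 GB user space) are my assumptions.

```python
"""Rank the modules hooking the SSDT in a GMER report by where they were
loaded from, and decode the inline patches in the kernel-code-sections part.
Added example (not GMER's code); the sample is an excerpt constructed from
the report posted in the thread."""
import re
from collections import defaultdict

SAMPLE = r"""---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 1D5 804E2831 3 Bytes [ 54, E3, BA ]
.text ntdll.dll!NtClose 7C91D586 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C91D754 5 Bytes JMP 72034135
"""

SSDT_RE = re.compile(r"^SSDT (.+) (Zw\w+)$")          # module path may contain spaces
PATCH_RE = re.compile(
    r"^\.text (\S+)!(\S+)(?: \+ ([0-9A-Fa-f]+))? ([0-9A-Fa-f]{8}) (\d+) Bytes (.+)$")
SEVERITY = {"user-profile": 0, "other-path": 1, "unresolved-name": 2, "system32": 3}


def classify(module):
    """Where does the hooking driver live? A kernel driver loaded from a user
    profile or temp directory is the strongest single signal in this output."""
    m = module.lower()
    if m.startswith("\\??\\"):        # strip the NT object-manager prefix
        m = m[4:]
    if "\\" not in m:
        return "unresolved-name"      # GMER printed only the image name
    if any(s in m for s in ("\\documents and settings\\", "\\users\\", "\\temp\\")):
        return "user-profile"
    if "\\systemroot\\system32\\" in m or "\\windows\\system32\\" in m:
        return "system32"
    return "other-path"


def ssdt_report(text):
    """One record per hooking module, most suspicious location first."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m.group(1)].append(m.group(2))
    report = [{"module": mod, "where": classify(mod), "hooks": sorted(fns)}
              for mod, fns in hooks.items()]
    return sorted(report, key=lambda r: (SEVERITY[r["where"]], r["module"].lower()))


def parse_code_patches(text):
    """Decode '.text module!symbol [+ off] addr N Bytes ...' lines."""
    patches = []
    for line in text.splitlines():
        m = PATCH_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(4), 16)
        jmp = re.match(r"JMP ([0-9A-Fa-f]{8})", m.group(6))
        patches.append({
            "module": m.group(1), "symbol": m.group(2),
            "offset": int(m.group(3), 16) if m.group(3) else 0,
            "address": addr,
            # Assumption: 32-bit Windows with the default split, kernel space at >= 0x80000000
            "ring": "kernel" if addr >= 0x80000000 else "user",
            "bytes": int(m.group(5)),
            "jmp_target": int(jmp.group(1), 16) if jmp else None,
        })
    return patches


if __name__ == "__main__":
    for r in ssdt_report(SAMPLE):
        print(f"[{r['where']}] {r['module']}\n    {', '.join(r['hooks'])}")
    for p in parse_code_patches(SAMPLE):
        tgt = f" -> {p['jmp_target']:08X}" if p["jmp_target"] else ""
        print(f"{p['ring']:6} {p['module']}!{p['symbol']} @ {p['address']:08X}{tgt}")
```

The report puts m_hook.sys at the top with its six hooks; vsdatant.sys and sptd.sys follow. The code-section lines split into one 3-byte patch inside ntoskrnl.exe (kernel space) and 5-byte JMPs at the start of ntdll.dll's Nt* stubs in GMER's own process (user space), with the JMP targets decoded so they can be matched against the loaded modules of that process. A full report also has Device lines (IRP dispatch hooks); the same sort-by-path idea applies there, but only the entries that name a module can be classified this way.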

Post by shantyz » 07/01/07 13:40

...the text file is too big...is there a way to attach the document?
shantyz
Junior Member
Posts: 12
Joined: 06/01/07 19:49

...the rest of Gmer

Post by shantyz » 07/01/07 14:46

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 86799EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 86799EB0

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1076
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1192

---- Registry - GMER 1.0.12 ----

shantyz
Junior User

Posts: 12
Joined: 06/01/07 19:49

Post by shantyz » 07/01/07 15:01


Post by shantyz » 07/01/07 15:03

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-07 13:29:50
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service /*file not found*/
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@drvsyskitC:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\hidr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@(null) =
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Office Graphics Filters Thumbnail Extractor*/(null) =
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BF05BB6E-442C-428B-8025-82280B7BC26C} /*Zen Micro Media Explorer*/C:\Programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll = C:\Programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
MP3ToWave@{DC6FA7E0-6666-11D5-8CE2-444553540000} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.12 ----
shantyz
Junior user
Posts: 12
Joined: 06/01/07 19:49

Post by Luke57 » 07/01/07 15:28

Hi, you have a rootkit whose characteristic is to inhibit firewalls and antivirus software.
Those two commands, in the case of a Windows Media Player application error, are used to register the .dll files; they aren't always enough, but give it a try anyway.
For the rootkit, follow this procedure:
open the system registry;
Start > Run > regedit (paste it into the box) > OK
once the registry editor is open, click the + sign next to each entry and follow this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,
Click the Run folder; in the right-hand pane you should find:
drvsyskit C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\hidr.exe
Right-click on Drvsyskit and choose Delete
Close the registry.

Then download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste (Ctrl+V) the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Folders to delete:
C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires

Files to delete:
C:\WINDOWS\system32\hldrrr.exe


Click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should restart on its own; if it doesn't, restart it manually

Post the Avenger log (C:/avenger.txt)
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
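As an added example (not part of the thread, and not Avenger's or GMER's own code), a read-only PowerShell check of the persistence points the moderator walks through above: the Run keys, the AppInit_DLLs value, and the file and folder named in the Avenger script. It only reports what it finds, so it can be run before and after cleanup to confirm the entries are gone; the indicator names are taken from the logs in this thread.

```powershell
# Added example, not from the thread. Read-only audit of the persistence points
# discussed above. Run from an elevated PowerShell on the affected machine.
$indicators = @('hldrrr.exe', 'hidires\hidr.exe', 'drvsyskit')   # names seen in the GMER log above

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the PSPath/PSDrive metadata properties
        $value = [string]$p.Value
        foreach ($ioc in $indicators) {
            if ($p.Name -like "*$ioc*" -or $value -like "*$ioc*") {
                $findings += [pscustomobject]@{ Location = $key; Name = $p.Name; Value = $value }
            }
        }
    }
}

# AppInit_DLLs: every DLL listed here is loaded into each process that links user32.dll,
# which is why the Avenger script replaces the value with a dummy. Report anything non-empty.
$appInitKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $appInitKey -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) {
    $findings += [pscustomobject]@{ Location = $appInitKey; Name = 'AppInit_DLLs'; Value = $appInit }
}

# The file and folder the Avenger script deletes ($env:APPDATA is "Dati applicazioni" on this XP)
$paths = @("$env:SystemRoot\system32\hldrrr.exe", "$env:APPDATA\hidires")
foreach ($path in $paths) {
    if (Test-Path $path) {
        $findings += [pscustomobject]@{ Location = 'FileSystem'; Name = (Split-Path $path -Leaf); Value = $path }
    }
}

if ($findings.Count -eq 0) { 'No indicators from this thread were found.' }
else { $findings | Format-Table -AutoSize }
```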

Post by shantyz » 07/01/07 15:48

C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires\hidr.exe

I found this command only in this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellNoRoam\MUICache

Should I delete it anyway?

In the path you indicated I found only:
msnmsgr
(default)
shantyz
Junior user
Posts: 12
Joined: 06/01/07 19:49

Post by Luke57 » 07/01/07 16:13

Hi, OK, delete it and then use Avenger.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by shantyz » 07/01/07 16:29

here's the Avenger log... I'm driving you crazy, aren't I ;)?

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fyycxlgj

*******************

Script file located at: \??\C:\Documents and Settings\tmwmafam.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\AMMINISTRATORE\Dati applicazioni\hidires deleted successfully.
File C:\WINDOWS\system32\hldrrr.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
shantyz
Junior user
Posts: 12
Joined: 06/01/07 19:49

Post by shantyz » 07/01/07 16:50

...wow!

I tried reinstalling the antivirus and there don't seem to be any problems, which makes me hopeful. Thanks a lot for the precious help!!!

...I had already contacted someone to format everything ;)

Thanks again and have a good evening!!!
shantyz
Junior user
Posts: 12
Joined: 06/01/07 19:49

Post by Luke57 » 07/01/07 16:55

:)
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
