Torna indietro   Hardware Upgrade Forum > Networking e sicurezza > Antivirus e Sicurezza > AV e sicurezza in generale
Ricarica la Pagina LinkOptimizer

Huawei Matebook 14: sottile, robusto e con un gran display
Huawei Matebook 14: sottile, robusto e con un gran display
Il display da 14,2 pollici di diagonale, dotato di tecnologia OLED e rapporto di 3:2 tra i lati, è il punto di forza di questo notebook votato alla produttività personale. Sottile, robusto e caratterizzato da una elevata autonomia con batteria MateBook 14 svolge al meglio tutte le necessità d'uso di chi deve lavorare e intrattenersi lontano da una presa di corrente
HONOR 200 Series e Studio Harcourt: come fare ritratti con uno smartphone
HONOR 200 Series e Studio Harcourt: come fare ritratti con uno smartphone
Dare nuova linfa ad un comparto fotografico di uno smartphone medio gamma non è facile. HONOR però ci è riuscita con i nuovi HONOR 200 e 200 Pro trovando nello Studio Harcourt di Parigi un alleato capace di co-ingegnerizzare i due smartphone in modo da renderli unici proprio sulle foto ritratto. Ecco cosa significa
Recensione realme GT 6: un nuovo flagship killer con display top e ricarica da 120W
Recensione realme GT 6: un nuovo flagship killer con display top e ricarica da 120W
realme GT 6 fa il suo ingresso nel mercato degli smartphone anche in Italia, volendosi distinguere per le prestazioni e un comparto fotografico molto versatile con un prezzo abbondantemente sotto i 1000€. Fra le sue caratteristiche peculiari un SoC potente e la ricarica da ben 120W, senza dimenticare il display che nei nostri test ha mostrato valori eccezionali. Con queste doti, il nuovo device realme può essere considerato fra i flagship killer del 2024.
Secret Lab: arrivano le promozioni estive con sconti fino a 200 euro sulle sedie
Aveva 596 CPU nascoste nell'auto: uomo arrestato alla dogana per contrabbando
Dell: metà dei dipendenti rinuncia alla promozione per lavorare da remoto. A voi la parola!
Diablo IV è il miglior lancio di sempre su Xbox Game Pass
DJI Power 500: ce n'era veramente bisogno?
PlayStation VR2 è un flop: Sony, rassegnata, avrebbe tagliato i fondi per lo sviluppo
Lo strano caso della cittadina americana che ha vietato e-bike e monopattini elettrici
L'energia rinnovabile a maggio ha coperto il 52,5% della domanda nazionale: il valore mensile più alto di sempre
Beyond Good & Evil: remaster la prossima settimana con contenuti sul secondo capitolo
Fiat Grande Panda, elettrica o benzina, l'inizio di una nuova era
Starlink Mini, il servizio Internet satellitare di SpaceX che sta in uno zaino
Tutti gli articoli Tutte le news

Vai al Forum
Pagina 1 di 7 1 2 3 4 5 > Ultima »
Discussione Chiusa
 
Strumenti
Old 06-08-2006, 10:22   #1
mico72
Junior Member
 
Iscritto dal: Jun 2006
Messaggi: 10
LinkOptimizer
ciao a tutti, il mio antivirus (NOD32) mi da come virus il file abhrv.exe che si trova nella cartella C/PROGRAMMI/FILE COMUNI/SYSTEM ma nn riesce a cancellarlo, ho provato a farlo a mano, tra l'altro era un file nascosto, ma esce una finestra dove c'è scritto controllare che nn sia pieno o protetto da scrittura, ho fatto la scansione anche in modalita provvisoria ma niente. E' da il primo agosto che è presente sul pc, se nn c'è modo di cancellarlo con un antivirus, nn c'è un prg che riesce a cancellarloAdesso poi quando faccio la scansione nod scrive, errore durante l'apertura del file:accesso negato, come fa con pagella sys
Il nome del virus dovrebbe essere questo: Win32/Agent.VP
andando su installazioni applicazioni..ho trovato una voce:LinkOptimizer sapendo di nn aver installato nulla del genere ho provato a disinstallare, ma appena clikko su rimuovi mi si apre una pagina intenet e nn mi disinstalla nulla ma che sta succedendo?
mico72 è offline  
Old 06-08-2006, 10:25   #2
andorra24
Senior Member
 
L'Avatar di andorra24
 
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
Ciao, hai beccato uno dei malware piu' fastidiosi del momento. C'e' una valida guida che spiega come risolvere il problema. Seguila con attenzione:
http://www.suspectfile.com/forum/viewtopic.php?t=156
andorra24 è offline  
Old 06-08-2006, 10:48   #3
mico72
Junior Member
 
Iscritto dal: Jun 2006
Messaggi: 10
Ti ringrazio ora vedo
mico72 è offline  
Old 07-08-2006, 12:29   #4
Big Fish
Senior Member
 
Iscritto dal: Oct 2005
Messaggi: 311
Ciao mico72, ho il tuo stesso problema e non riesco a risolverlo, visto che la guida di suspectfile la trovo troppo complicata e laboriosa per le mie capacità.
In rete non fanno altro che consigliarmi software diversi e non ho voglia di andare per tentativi e incasinare ulteriormente il SO.
Ho aperto una discussione specifica sul virus Win32.agent.VP indicando i miei sintomi e quello che ho notato sul mio PC.
Se riesci a trovare una soluzione alternativa fammi sapere.
Grazie.
Big Fish è offline  
Old 07-08-2006, 12:37   #5
mico72
Junior Member
 
Iscritto dal: Jun 2006
Messaggi: 10
anch'io sto impazzendo ho seguito le istruzioni di quel sito ma rimane sempre la voce su installazione applicazioni
http://www.alground.com/forum/viewto...?p=34459#34459 vai qua c'è una persona che mi sta aiutando
oppure fai un log con hijackthis e fallo analizzare su questo sito http://www.hijackthis.de/#anl
Ultima modifica di mico72 : 07-08-2006 alle 12:41.
mico72 è offline  
Old 13-08-2006, 22:37   #6
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
Continuo su questo Post per chiedervi una vostra opinione, a me succede che si creano file su C:\Programmi\File comuni\System anche cancellandoli ricompaiono al prox riavvio (di solito se ne crea 1 che non riesco a cancellarlo tranne avviando in modalita provvisoria) ad esempio ora mi ritrovo questi
DRY.exe
lUA.exe (questo e' quello che lo vede ancora in utilizzo)
nMP.exe
VDtCu.exe

E succede questo all'avvio dal Task manager lo carica per qlc secondo poi sparisce, parlo di lUA.exe
Qlc saprebbe darmi qlc consiglio??
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
materi è offline  
Old 14-08-2006, 11:43   #7
amvinfe
Senior Member
 
Iscritto dal: Aug 2002
Messaggi: 359
Quote:
Originariamente inviato da materi
Continuo su questo Post per chiedervi una vostra opinione, a me succede che si creano file su C:\Programmi\File comuni\System anche cancellandoli ricompaiono al prox riavvio (di solito se ne crea 1 che non riesco a cancellarlo tranne avviando in modalita provvisoria) ad esempio ora mi ritrovo questi
DRY.exe
lUA.exe (questo e' quello che lo vede ancora in utilizzo)
nMP.exe
VDtCu.exe

E succede questo all'avvio dal Task manager lo carica per qlc secondo poi sparisce, parlo di lUA.exe
Qlc saprebbe darmi qlc consiglio??
scarica GMER
http://www.gmer.net/gmer110.zip
decomprimi l'archivio sul desktop.
1. esegui l'.exe
2. clicca sul tab "Autostart", clicca su "Scan". Finita la scansione clicca su "Copy" incolla il risultato sul Notepade.
1. esegui nuovamente gmer.exe
2. clicca sul tab "Rootkit", clicca su "Scan"". Finita la scansione clicca su "Copy" incolla il risultato sul Notepade.
3. Posta i due log

NB
scaricati Avenger
http://swandog46.geekstogo.com/avenger.zip
decomprimi l'archivio sul desktop, questo programma ti servirà in seguito per eliminare i valori di LinkOptim.
__________________
Pensi d'avere un file infetto? Invialo a
SuspectFile
amvinfe è offline  
Old 14-08-2006, 14:40   #8
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
Come prima cosa grazie tante,e pi ecco qui i 2 log

Autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-14 15:29:52
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\con.xha

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVP /*Active Virus Shield*/@ = "E:\Programmi\AOL\Active Virus Shield\avp.exe" -r
PDSched /*PDScheduler*/@ = C:\Programmi\Raxco\PerfectDisk\PDSched.exe
SecWgy /*SecWgy*/@ = "C:\Programmi\File comuni\System\YTy.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@MagicSpeede:\Programmi\SamsungODD\Magic Speed\MagicSL.exe /autorun /*file not found*/ = e:\Programmi\SamsungODD\Magic Speed\MagicSL.exe /autorun /*file not found*/
@aol"E:\Programmi\AOL\Active Virus Shield\avp.exe" = "E:\Programmi\AOL\Active Virus Shield\avp.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@wininet.dll = /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/e:\Programmi\WinRAR\rarext.dll = e:\Programmi\WinRAR\rarext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Programmi\AOL\Active Virus Shield\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Programmi\AOL\Active Virus Shield\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}E:\PROGRA~1\SPYBOT~1\SDHelper.dll = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{FFFFFEF0-5B30-21D4-945D-000000000000}E:\PROGRA~1\STARDO~1\SDIEInt.dll = E:\PROGRA~1\STARDO~1\SDIEInt.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = about:blank

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.10 ----


RootKit

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-14 15:35:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82397940
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 81FB1EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 81FB1EB0
Device \Driver\00000043 \Device\00000042 IRP_MJ_SYSTEM_CONTROL [F844DA26] sptd.sys
Device \Driver\00000043 \Device\00000042 IRP_MJ_DEVICE_CHANGE [F8461BD8] sptd.sys
Device \Driver\00000043 \Device\00000042 IRP_MJ_PNP_POWER [F845A54E] sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823970E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823E0280
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823E0280
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8223CB98
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 82010780
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 82010780
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8223CB98
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 823E0280
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8223CB98
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 823E0280
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 823E0280
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_CREATE 823E0280
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_CREATE 823E0280
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 820A5E58
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 820A5E58
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 82397B78
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 82397B78
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82055740
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82055740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 82055740
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 820A7D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 820A7D98
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823E0280
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 823D5EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2872254-9AA5-4455-95ED-0F18557474E6} IRP_MJ_CREATE 820A5E58
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82217280
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 82217280
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81FB6EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81F15910

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\con.xha
File C:\WINDOWS\yelxl1.dll
File C:\WINDOWS\yelxl1.upd
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File D:\System Volume Information\_restore{ABD04069-2213-4676-87BF-3CE96749A2C3}
File D:\System Volume Information\_restore{D64AD624-4993-4289-8B95-75719FBBB77E}
File D:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File E:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File G:\immagini\GoogleEarthScatti\centro.jpg
File G:\immagini\GoogleEarthScatti\leisestersquare.jpg
File G:\immagini\GoogleEarthScatti\londracasa.jpg
File G:\immagini\GoogleEarthScatti\piccadilly.jpg
File H:\System Volume Information\MountPointManagerRemoteDatabase
File H:\System Volume Information\tracking.log
File H:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File H:\System Volume Information\_restore{ABD04069-2213-4676-87BF-3CE96749A2C3}
File H:\System Volume Information\_restore{D64AD624-4993-4289-8B95-75719FBBB77E}
File H:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File I:\System Volume Information\MountPointManagerRemoteDatabase
File I:\System Volume Information\tracking.log
File I:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File I:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}

---- EOF - GMER 1.0.10 ----

Eccoli qui
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
materi è offline  
Old 14-08-2006, 15:31   #9
amvinfe
Senior Member
 
Iscritto dal: Aug 2002
Messaggi: 359
tieni presenti che ad ogni riavvio i nomi da eliminare possono cambiare, quindi se dopo aver fatto i log non hai ancora riavviato,
1. apri Avenger
2. esegui avenger.exe
3. seleziona "Input Script Manually"
4. clicca sulla lente di ingrandimento
5. dalla finestra che si apre ("View/edit script")
6. inserisci

Codice:
Registry values to replace with dummy: 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs 

Files to delete: 
C:\WINDOWS\C:\WINDOWS\con.xha 
C:\WINDOWS\yelxl1.dll 
C:\WINDOWS\yelxl1.upd
C:\Programmi\File comuni\System\YTy.exe
7. clicca su "Done"
8. clicca 2 volte sull'icona a semaforo verde
9. rispondo "YES" 2 volte
10. il pc si riavvia, diversamente riavvialo manualmente
__________________
Pensi d'avere un file infetto? Invialo a
SuspectFile
amvinfe è offline  
Old 14-08-2006, 17:59   #10
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
Quote:
Originariamente inviato da amvinfe
tieni presenti che ad ogni riavvio i nomi da eliminare possono cambiare, quindi se dopo aver fatto i log non hai ancora riavviato,
1. apri Avenger
2. esegui avenger.exe
3. seleziona "Input Script Manually"
4. clicca sulla lente di ingrandimento
5. dalla finestra che si apre ("View/edit script")
6. inserisci

Codice:
Registry values to replace with dummy: 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs 

Files to delete: 
C:\WINDOWS\C:\WINDOWS\con.xha 
C:\WINDOWS\yelxl1.dll 
C:\WINDOWS\yelxl1.upd
C:\Programmi\File comuni\System\YTy.exe
7. clicca su "Done"
8. clicca 2 volte sull'icona a semaforo verde
9. rispondo "YES" 2 volte
10. il pc si riavvia, diversamente riavvialo manualmente
grazie tante, tieni presente che ad ogni riavvio i nomi possino cambiare che significa??
che devo cambiare ogni volta questa riga col file che intendo eliminare?? fino ad eliminarli tutti?
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
materi è offline  
Old 14-08-2006, 18:10   #11
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gqiwmrin

*******************

Script file located at: \??\C:\WINDOWS\mnynogih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\C:\WINDOWS\con.xha for deletion
Deletion of file C:\WINDOWS\C:\WINDOWS\con.xha failed!

Could not process line:
C:\WINDOWS\C:\WINDOWS\con.xha
Status: 0xc0000033

File C:\WINDOWS\yelxl1.dll deleted successfully.
File C:\WINDOWS\yelxl1.upd deleted successfully.
File C:\Programmi\File comuni\System\YTy.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hnmpxxye

*******************

Script file located at: \??\C:\Documents and Settings\phsmeika.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\C:\WINDOWS\con.xha for deletion
Deletion of file C:\WINDOWS\C:\WINDOWS\con.xha failed!

Could not process line:
C:\WINDOWS\C:\WINDOWS\con.xha
Status: 0xc0000033



File C:\WINDOWS\yelxl1.dll not found!
Deletion of file C:\WINDOWS\yelxl1.dll failed!

Could not process line:
C:\WINDOWS\yelxl1.dll
Status: 0xc0000034



File C:\WINDOWS\yelxl1.upd not found!
Deletion of file C:\WINDOWS\yelxl1.upd failed!

Could not process line:
C:\WINDOWS\yelxl1.upd
Status: 0xc0000034



File C:\Programmi\File comuni\System\YTy.exe not found!
Deletion of file C:\Programmi\File comuni\System\YTy.exe failed!

Could not process line:
C:\Programmi\File comuni\System\YTy.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ryr^ccfh

*******************

Script file located at: \??\C:\Documents and Settings\vqyvuhyx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\C:\WINDOWS\con.xha for deletion
Deletion of file C:\WINDOWS\C:\WINDOWS\con.xha failed!

Could not process line:
C:\WINDOWS\C:\WINDOWS\con.xha
Status: 0xc0000033



File C:\WINDOWS\yelxl1.dll not found!
Deletion of file C:\WINDOWS\yelxl1.dll failed!

Could not process line:
C:\WINDOWS\yelxl1.dll
Status: 0xc0000034



File C:\WINDOWS\yelxl1.upd not found!
Deletion of file C:\WINDOWS\yelxl1.upd failed!

Could not process line:
C:\WINDOWS\yelxl1.upd
Status: 0xc0000034



File C:\Programmi\File comuni\System\YTy.exe not found!
Deletion of file C:\Programmi\File comuni\System\YTy.exe failed!

Could not process line:
C:\Programmi\File comuni\System\YTy.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Dopo aver inserito il codice ho premuto il semaforo verde(non 2 volte ma solo 1 volta) e dopo aver premuto 2 volte si, si è riavviato
Cmq Sono andato sulla Dir file comuni\system e il file e' sparito e sembra non caricarsi piu in memoria, speriamo bene
grazie tante
P.S. se rifaccio i 2 Log potresti ricontrollare?
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
Ultima modifica di materi : 14-08-2006 alle 18:12.
materi è offline  
Old 14-08-2006, 21:27   #12
amvinfe
Senior Member
 
Iscritto dal: Aug 2002
Messaggi: 359
Quote:
Originariamente inviato da materi
Dopo aver inserito il codice ho premuto il semaforo verde(non 2 volte ma solo 1 volta) e dopo aver premuto 2 volte si, si è riavviato
Cmq Sono andato sulla Dir file comuni\system e il file e' sparito e sembra non caricarsi piu in memoria, speriamo bene
grazie tante
P.S. se rifaccio i 2 Log potresti ricontrollare?
fai nuovamente le due scansioni con GMER e posta i log
__________________
Pensi d'avere un file infetto? Invialo a
SuspectFile
amvinfe è offline  
Old 15-08-2006, 16:14   #13
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
Ecco i 2 Log dopo aver eseguito lo script con avenger:

AutoStart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-15 17:02:50
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVP /*Active Virus Shield*/@ = "E:\Programmi\AOL\Active Virus Shield\avp.exe" -r
PDSched /*PDScheduler*/@ = C:\Programmi\Raxco\PerfectDisk\PDSched.exe
SecWgy /*SecWgy*/@ = "C:\Programmi\File comuni\System\YTy.exe" /*file not found*/
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@MagicSpeede:\Programmi\SamsungODD\Magic Speed\MagicSL.exe /autorun /*file not found*/ = e:\Programmi\SamsungODD\Magic Speed\MagicSL.exe /autorun /*file not found*/
@aol"E:\Programmi\AOL\Active Virus Shield\avp.exe" = "E:\Programmi\AOL\Active Virus Shield\avp.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@wininet.dll = /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/e:\Programmi\WinRAR\rarext.dll = e:\Programmi\WinRAR\rarext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "E:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Programmi\AOL\Active Virus Shield\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Programmi\AOL\Active Virus Shield\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}E:\PROGRA~1\SPYBOT~1\SDHelper.dll = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{FFFFFEF0-5B30-21D4-945D-000000000000}E:\PROGRA~1\STARDO~1\SDIEInt.dll = E:\PROGRA~1\STARDO~1\SDIEInt.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = about:blank

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.10 ----

______________________________________________________

RootKit

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-15 17:08:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82397940
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 81E68EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 81E68EB0
Device \Driver\00000043 \Device\00000042 IRP_MJ_SYSTEM_CONTROL [F844DA26] sptd.sys
Device \Driver\00000043 \Device\00000042 IRP_MJ_DEVICE_CHANGE [F8461BD8] sptd.sys
Device \Driver\00000043 \Device\00000042 IRP_MJ_PNP_POWER [F845A54E] sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823970E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823970E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823E0260
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823E0260
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8223F3F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 820108C8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 820108C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8223F3F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 823E0260
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8223F3F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 823E0260
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 823E0260
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_CREATE 823E0260
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_CREATE 823E0260
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 820E8C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 820E8C68
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 82397B78
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 82397B78
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82054858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82054858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 82054858
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 82182EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 82182EB0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823E0260
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 820AB5B8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2872254-9AA5-4455-95ED-0F18557474E6} IRP_MJ_CREATE 820E8C68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82201BD8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 82201BD8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81F30EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82028EB0

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File D:\System Volume Information\_restore{ABD04069-2213-4676-87BF-3CE96749A2C3}
File D:\System Volume Information\_restore{D64AD624-4993-4289-8B95-75719FBBB77E}
File D:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File E:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File G:\immagini\GoogleEarthScatti\centro.jpg
File G:\immagini\GoogleEarthScatti\leisestersquare.jpg
File G:\immagini\GoogleEarthScatti\londracasa.jpg
File G:\immagini\GoogleEarthScatti\piccadilly.jpg
File H:\System Volume Information\MountPointManagerRemoteDatabase
File H:\System Volume Information\tracking.log
File H:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File H:\System Volume Information\_restore{ABD04069-2213-4676-87BF-3CE96749A2C3}
File H:\System Volume Information\_restore{D64AD624-4993-4289-8B95-75719FBBB77E}
File H:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}
File I:\System Volume Information\MountPointManagerRemoteDatabase
File I:\System Volume Information\tracking.log
File I:\System Volume Information\_restore{2C7D09C2-1D85-4D5B-845A-5FE3100E3EDB}
File I:\System Volume Information\_restore{FF8238E8-C729-4360-A9FE-E22DA0D9CE02}

---- EOF - GMER 1.0.10 ----
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
materi è offline  
Old 15-08-2006, 18:15   #14
amvinfe
Senior Member
 
Iscritto dal: Aug 2002
Messaggi: 359
Quote:
Originariamente inviato da materi
Ecco i 2 Log dopo aver eseguito lo script con avenger:
tutto ok
__________________
Pensi d'avere un file infetto? Invialo a
SuspectFile
amvinfe è offline  
Old 15-08-2006, 19:03   #15
materi
Senior Member
 
L'Avatar di materi
 
Iscritto dal: Sep 2002
Messaggi: 2455
Quote:
Originariamente inviato da amvinfe
tutto ok
Grazie tante
__________________
Asus A8R32_MVP Deluze__A64 x2 4400__Corsair Twinx 2048-3200C2__Ati Sapphire X1900 XTX 512mb__Samsung 20" 2032BW
materi è offline  
Old 16-08-2006, 13:38   #16
JohnPetrucci2006
Junior Member
 
Iscritto dal: Aug 2006
Messaggi: 5
LinkOptimizer Problema
Ho anche io un problema con LinkOptimizer...posto lo scan fatto con GMER...voglio qualcuno che mi aiuti a dire cosa devo cancellare con il programma AVIATOR....GRAZIEEEE!aspetto ansioso una risposta...

-----------------------------------------------------------------------

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-16 13:25:54
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * stera /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\prn.zrm

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Diskeeper /*Diskeeper*/@ = C:\Programmi\Executive Software\Diskeeper\DkService.exe
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MacFormatService@ = "C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RPC32 /*RPC32 Locator*/@ = c:\windows\RPC.bat /*file not found*/
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
r_server /*Remote Administrator Service*/@ = "C:\WINDOWS\System32\r_server.exe" /service
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
uploadmgr /*Upload Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
WinKao /*WinKao*/@ = "C:\Programmi\File comuni\System\WRfTW.exe"
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTStartupC:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 V?? d'3 ??? \?? \?? ??? ?H?sV?? 3:?wV?? ?T?w?U?w\?? \?? ??? ?f` ??? ?C@ \?? \?? ???sV?? \?? ???s\?? H'3 d??sH'3 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/ = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 V?? d'3 ??? \?? \?? ??? ?H?sV?? 3:?wV?? ?T?w?U?w\?? \?? ??? ?f` ??? ?C@ \?? \?? ???sV?? \?? ???s\?? H'3 d??sH'3 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@Realtime Audio Enginemmrtkrnl.exe = mmrtkrnl.exe
@NeroFilterCheckC:\WINDOWS\System32\NeroCheck.exe = C:\WINDOWS\System32\NeroCheck.exe
@MSN Sniffer /*file not found*/ = /*file not found*/
@MacLicense"C:\Program Files\Conversions Plus\MacLic.exe" = "C:\Program Files\Conversions Plus\MacLic.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@HPDJ Taskbar UtilityC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@CloneCDTray"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s = "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@ashMaiSvC:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@eBayToolbarC:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe = C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MessengerPlus3"C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\System32\wuaucpl.cpl = C:\WINDOWS\System32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v7*/(null) =
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll = C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/F:\Programmi\SmartFTP\smarthook.dll = F:\Programmi\SmartFTP\smarthook.dll
@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} /*Tauscan Menu*/C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{A0752130-6D75-D111-B5B1-0800095A2318} /*HandyBits File Shredder Virtual Folder*/C:\WINDOWS\System32\tsseShrd.dll = C:\WINDOWS\System32\tsseShrd.dll
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Telefoni personali*/C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll = C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\System32\AcSignIcon.dll = C:\WINDOWS\System32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{68B60101-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Format Menu*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{68B60201-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Common Property Sheet*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{92085AD4-F48A-450D-BD93-B28CC7DF67CE} /*eBay Toolbar*/C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/ = C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{8EE3B2A9-8076-4DC1-8BB3-B8A607950903} /*SxExtractImage*/D:\ACCA\EdiLus-CA\EdiLus_PV.DLL = D:\ACCA\EdiLus-CA\EdiLus_PV.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{A5366673-E8CA-11D3-9CD9-0090271D075B}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.msn.com/ = http://www.msn.com/
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\System32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\System32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\System32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFD642FB-227C-4537-9E95-44C82C1DD5AC} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.100.10 = 192.168.100.10
@DefaultGateway192.168.100.10 = 192.168.100.10
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018@PackedCatalogItem = C:\Programmi\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll /*file not found*/

C:\Documents and Settings\Gaetano\Menu Avvio\Programmi\Esecuzione automatica = PowerReg Scheduler.exe

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Digisoft AntiDialer.lnk = Digisoft AntiDialer.lnk
MacName.lnk = MacName.lnk
Tasto di scelta rapida per l'avvio di AutoCAD.lnk = Tasto di scelta rapida per l'avvio di AutoCAD.lnk

C:\WINDOWS\win.inirun =

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-16 14:32:20
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.10 ----

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E177EC30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82B56A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 82B56A30
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82B7F628
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82B7F628
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82B56A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82B56A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 82B56A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 82B56A30
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E159C770
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82AF1008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSEIRP_MJ_READ 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP_POWER 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_WRITE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_EA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_POWER 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_PNP 82AC8008
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 82AC8008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82AF1008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82AF1008

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{7243B55A-63CB-4FA9-B7F7-3D48671B3EA4}
File C:\System Volume Information\_restore{7243B55A-63CB-4FA9-B7F7-3D48671B3EA4}(2)
File C:\System Volume Information\_restore{DF1BAB93-73DE-448E-8D5E-1C229CAC1E89}
File C:\WINDOWS\chthc1.del
File C:\WINDOWS\chthc1.dll
File C:\WINDOWS\prn.zrm

---- EOF - GMER 1.0.10 ----
JohnPetrucci2006 è offline  
Old 17-08-2006, 09:46   #17
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da JohnPetrucci2006
Ho anche io un problema con LinkOptimizer...posto lo scan fatto con GMER...voglio qualcuno che mi aiuti a dire cosa devo cancellare con il programma AVIATOR....GRAZIEEEE!aspetto ansioso una risposta...
Segui le istruzioni riguardo a theavenger chiaramente descritte da amvinfe in questo stesso thread, ma sostituisci lo script con il seguente:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:

C:\Programmi\File comuni\System\WRfTW.exe
C:\WINDOWS\chthc1.del
C:\WINDOWS\chthc1.dll
C:\WINDOWS\prn.zrm

Posta il log di theavenger, perchè voglio vedere se è andato a buon fine e cosa ha cancellato e cosa no, visto che i nomi dei file possono cambiare ad ogni riavvio.
__________________
Without Contraries is no Progression...
bReAkDoWn è offline  
Old 17-08-2006, 13:08   #18
JohnPetrucci2006
Junior Member
 
Iscritto dal: Aug 2006
Messaggi: 5
Ecco il mio nuovo test di GMER dopo aver pulito con Aviator...!!

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-17 13:16:51
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
Diskeeper /*Diskeeper*/@ = C:\Programmi\Executive Software\Diskeeper\DkService.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
MacFormatService@ = "C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE
RPC32 /*RPC32 Locator*/@ = c:\windows\RPC.bat /*file not found*/
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
WinKao /*WinKao*/@ = "C:\Programmi\File comuni\System\bYmts.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTStartupC:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 ? ? ?&2 ??? \?? \?? ??? ?H?s? ? 3:?w? ? ?T?w?U?w\?? \?? ??? ??` ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 d??s?&2 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/ = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 ? ? ?&2 ??? \?? \?? ??? ?H?s? ? 3:?w? ? ?T?w?U?w\?? \?? ??? ??` ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 d??s?&2 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@NeroFilterCheckC:\WINDOWS\System32\NeroCheck.exe = C:\WINDOWS\System32\NeroCheck.exe
@MacLicense"C:\Program Files\Conversions Plus\MacLic.exe" = "C:\Program Files\Conversions Plus\MacLic.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@rrfqfoeqC:\wwxfhlxa.bat = C:\wwxfhlxa.bat
@^R_P]ZS[C:\vobnxnjs.bat = C:\vobnxnjs.bat

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MessengerPlus3"C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v7*/(null) =
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll = C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/F:\Programmi\SmartFTP\smarthook.dll = F:\Programmi\SmartFTP\smarthook.dll
@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} /*Tauscan Menu*/C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{A0752130-6D75-D111-B5B1-0800095A2318} /*HandyBits File Shredder Virtual Folder*/C:\WINDOWS\System32\tsseShrd.dll = C:\WINDOWS\System32\tsseShrd.dll
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Telefoni personali*/C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll = C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\System32\AcSignIcon.dll = C:\WINDOWS\System32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{68B60101-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Format Menu*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{68B60201-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Common Property Sheet*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{92085AD4-F48A-450D-BD93-B28CC7DF67CE} /*eBay Toolbar*/C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/ = C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{8EE3B2A9-8076-4DC1-8BB3-B8A607950903} /*SxExtractImage*/D:\ACCA\EdiLus-CA\EdiLus_PV.DLL = D:\ACCA\EdiLus-CA\EdiLus_PV.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{336E2E93-4884-E93B-CA1E-446827244801}C:\WINDOWS\chthc1.dll /*file not found*/ = C:\WINDOWS\chthc1.dll /*file not found*/
@{A5366673-E8CA-11D3-9CD9-0090271D075B}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.msn.com/ = http://www.msn.com/
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFD642FB-227C-4537-9E95-44C82C1DD5AC} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.100.10 = 192.168.100.10
@DefaultGateway192.168.100.10 = 192.168.100.10
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018@PackedCatalogItem = C:\Programmi\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll /*file not found*/

C:\Documents and Settings\Gaetano\Menu Avvio\Programmi\Esecuzione automatica = PowerReg Scheduler.exe

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Digisoft AntiDialer.lnk = Digisoft AntiDialer.lnk
MacName.lnk = MacName.lnk

C:\WINDOWS\win.inirun =

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-17 14:03:25
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1B2E490
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82BC4F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82BC4F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 82BC4F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82B3C5D0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82B3C5D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82BC4F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 82BC4F00
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 82BC4F00
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1009D40
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82D20AE0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSEIRP_MJ_READ 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP_POWER 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_WRITE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_EA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_POWER 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_PNP 82BDC840
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 82BDC840
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82D20AE0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82D20AE0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE B57B4143

---- Modules - GMER 1.0.10 ----

Module _________ F743C000

---- Registry - GMER 1.0.10 ----

Reg \Registry\USER\S-1-5-21-1004336348-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\hamvccrq\rZhyrCyhf i0.24o 2 Ifry\rZhyrCyhf i0.24o 2 Ifry\Vapbzvat\Xnfcrefxl Nagvivehf NIC 4.0.7.0 Se + Xrlf + Cnpx znvagranapr - Fcnegngrhe\Xnfcrefxl Nagvivehf NIC 4.0.7.0 Se + Xrlf + Cnpx znvagranapr\Cnpx Znvagranapr\xnihcqngrcnpx40_4sera.rkr 0x64 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1004336348-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Tnrgnab\Qbphzragv\Zl Erprvirq Svyrf\elxvtnz-i2.6o\elxvtnz-i2.6o\elxvtnz-i2.6o\Vapbzvat\Abxvn 3650 - 7650 Tnzrf, Fbhaqf, Cebtenzf, Xrlf, Fbafgvtrf\Abxvn 3650 - 7650 Tnzrf, Fbhaqf, Cebtenzf, Xrlf, Fbafgvtrf\Xrlf\ErzvaqZr.rkr 0x4D 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1004336348-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Tnrgnab\Qbphzragv\Zl Erprvirq Svyrf\elxvtnz-i2.6o\elxvtnz-i2.6o\elxvtnz-i2.6o\Vapbzvat\Abq32 Nagvivehf I2 000 6 Vapy Penpx-Pber-Cyrnfherqbzr101\ABQ32 NagvIvehf i2.000.6 Vapy penpx-PBER-Cyrnfherqbzr101.pbz\aragrafg.rkr 0x8D 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1004336348-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Qbphzragf naq Frggvatf\Tnrgnab\Qbphzragv\Svyr evprihgv\QPFgrnygui0_43\QPFgrnygui0_43\Qbjaybnqf\Nq-njner.6.0.Cebsrffvbany.Ohvyq.181.+.Frevny.+.Ynathntr.Cnpx\Nq-njner 6.0 Cebsrffvbany Ohvyq 181 + Frevny + Ynathntr Cnpx ol ZnTAhF\Nq-njner 6 Ceb Ohvyq 181.rkr 0x71 0x01 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1004336348-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Tnrgnab\Qrfxgbc\rZhyr-0.46p-ZbecuKG-i7.7-ova\rzhyr\Vapbzvat\Areb.Oheavat.Ebz.7.0.1.2.Bayl.VGN.Funerq.Ol.Ybeq.Fcrpger\Areb.Oheavat.Ebz.7.0.1.2.Bayl.VGN.Funerq.Ol.Ybeq.Fcrpger\Areb 7 CyhtVa Cnpx\Areb 7 CyhtVa Cnpx i1.0.0.1.rkr 0xE2 0x04 0x00 0x00 ...

---- Files - GMER 1.0.10 ----


File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{7243B55A-63CB-4FA9-B7F7-3D48671B3EA4}
File C:\System Volume Information\_restore{7243B55A-63CB-4FA9-B7F7-3D48671B3EA4}(2)
File C:\System Volume Information\_restore{DF1BAB93-73DE-448E-8D5E-1C229CAC1E89}

---- EOF - GMER 1.0.10 ----


Vorrei fare un'altra domanda...come mai quando avvio FIREFOX scarica in automatico un file..(una guida universitaria)?precisamente..
http://www.dse.uniba.it/Corsi/docent.../6175-8_20.ppt
E' possibile bloccare lo scarico?Grazieeeee spero di aver risolto tuttoooo...attendo una tua rispostaaaaa!ancora Grazieeee!!Distinti saluti!
JohnPetrucci2006 è offline  
Old 17-08-2006, 14:07   #19
JohnPetrucci2006
Junior Member
 
Iscritto dal: Aug 2006
Messaggi: 5
ecco il log di avenger

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\^ldrklfh

*******************

Script file located at: \??\C:\WINDOWS\System32\adyyhijc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\File comuni\System\bYmts.exe deleted successfully.


File C:\WINDOWS\chthc1.del not found!
Deletion of file C:\WINDOWS\chthc1.del failed!

Could not process line:
C:\WINDOWS\chthc1.del
Status: 0xc0000034

File C:\WINDOWS\chthc1.dll deleted successfully.
File C:\WINDOWS\prn.zrm deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rdqgieqx

*******************

Script file located at: \??\C:\Program Files\kovwcbef.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\File comuni\System\bYmts.exe not found!
Deletion of file C:\Programmi\File comuni\System\bYmts.exe failed!

Could not process line:
C:\Programmi\File comuni\System\bYmts.exe
Status: 0xc0000034



File C:\WINDOWS\chthc1.del not found!
Deletion of file C:\WINDOWS\chthc1.del failed!

Could not process line:
C:\WINDOWS\chthc1.del
Status: 0xc0000034



File C:\WINDOWS\chthc1.dll not found!
Deletion of file C:\WINDOWS\chthc1.dll failed!

Could not process line:
C:\WINDOWS\chthc1.dll
Status: 0xc0000034



File C:\WINDOWS\prn.zrm not found!
Deletion of file C:\WINDOWS\prn.zrm failed!

Could not process line:
C:\WINDOWS\prn.zrm
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Cmq la linea internet ogni mezzora cade...e sono costretto a riavviare per collegarmi...!!AIUTATEMIIII!!HELP ME!
JohnPetrucci2006 è offline  
Old 17-08-2006, 18:42   #20
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Allora: il rootkit non c'è più, perlomeno nelle sue componenti di base, ora bisognerebbe vedere se è rimasto qualcos'altro allora.. Prima di tutto vedo dal log due file strani:
C:\wwxfhlxa.bat
C:\vobnxnjs.bat
Guarda un pò se esistono in risorse del computer -> c:\ e se ci sono cerca di incollare il loro contenuto qua sul forum, tanto dovrebbero essere file di testo.
Inoltre, se vuoi, fai una scansione con hijackthis e postala sul forum, con quello si fa un pò prima a dare un'occhiata globale rispetto a gmer.
Infine, procurati rootkitrevealer e prova a dare una passata anche con quello, ma mi raccomando: mentre lo esegui chiudi tutte le applicazioni e non fare niente con il pc, nemmeno navigare, perchè altrimenti si creano falsi positivi.
__________________
Without Contraries is no Progression...
bReAkDoWn è offline  
Pagina 1 di 7 1 2 3 4 5 > Ultima »
 Discussione Chiusa

« Discussione precedente | Discussione successiva »

Huawei Matebook 14: sottile, robusto e con un gran display Huawei Matebook 14: sottile, robusto e con un gr...
HONOR 200 Series e Studio Harcourt: come fare ritratti con uno smartphone HONOR 200 Series e Studio Harcourt: come fare ri...
Recensione realme GT 6: un nuovo flagship killer con display top e ricarica da 120W Recensione realme GT 6: un nuovo flagship killer...
OPPO Reno12 Pro 5G: l'AI arriva alla portata di tutti! La recensione OPPO Reno12 Pro 5G: l'AI arriva alla portata di ...
Opel Astra e il ritorno del GSE: ora la parte elettrica significa sportività Opel Astra e il ritorno del GSE: ora la parte el...
Secret Lab: arrivano le promozioni estiv...
Aveva 596 CPU nascoste nell'auto: uomo a...
Dell: metà dei dipendenti rinunci...
Diablo IV è il miglior lancio di ...
DJI Power 500: ce n'era veramente bisogn...
PlayStation VR2 è un flop: Sony, ...
Lo strano caso della cittadina americana...
L'energia rinnovabile a maggio ha copert...
Beyond Good & Evil: remaster la pros...
Fiat Grande Panda, elettrica o benzina, ...
Starlink Mini, il servizio Internet sate...
TSMC, dai wafer rotondi a quelli rettang...
Minecraft arriverà finalmente anche su P...
Razer DeathAdder V3 HyperSpeed: prestazi...
Una vulnerabilità UEFI impatta po...
Chromium
GPU-Z
OCCT
LibreOffice Portable
Opera One Portable
Opera One 106
CCleaner Portable
CCleaner Standard
Cpu-Z
Driver NVIDIA GeForce 546.65 WHQL
SmartFTP
Trillian
Google Chrome Portable
Google Chrome 120
VirtualBox
Tutti gli articoli Tutte le news Tutti i download

Strumenti

Regole
Non Puoi aprire nuove discussioni
Non Puoi rispondere ai messaggi
Non Puoi allegare file
Non Puoi modificare i tuoi messaggi
Il codice vB è On
Le Faccine sono On
Il codice [IMG] è On
Il codice HTML è Off
Vai al Forum


Tutti gli orari sono GMT +1. Ora sono le: 22:41.

Contattaci - Hardware Upgrade - Archivio - Note sulla Privacy - Su

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Served by www3v