Non riesco a togliere spyware...

FazY · 30-11-2006, 09:18

Ho un problema e chiedo consiglio a voi su come risolvere.
Inizio dicendo che nel pc ho win Xp con installato kaspersky internet security 6.0.
Ieri il pc mi ha subito dei strani rallentamenti, apro il task manager e scopro un'applicazione chiamata "43exemodul32f.b.exe" che utilizza 90% delle risorse.
La chiudo e tutto torna nella norma.
Avvio ad-aware di Lavasoft ma non trova nulla.
Provo con spaybot e nemmeno quello mi trova nulla.
Avvio "msconfig" e non trovo nulla di anomalo nell'avvio automatico.
Allora vado nella cartella "c:\Documents and Settings\(mio nome utente)\Impostazioni locali\temp", li trovo dei file con estensione .exe con strani nomi, tipo "32exemodul.b.exe" "41exebottf.b.exe" ecc.
Li cancello senza problemi e riavvio il pc.
Torno a controllare la cartella e non risulta esserci nulla.
Avvio la connessione e dopo un po mi torna fuori sul task manager l'applicazione "43exemodul32f.b.exe".
Vado nella cartella "temp" e noto che sono tornati fuori tutti i file di prima.

Che posso fare per togliere definitivamente questa applicazione???

P.S. Nella cartella "c:\windows\temp" non ce nulla, inoltre ho gia disattivato la funzione di "Ripristino configurazione di sistema".

bReAkDoWn · 30-11-2006, 09:47

Fai due scansioni con gmer, seguendo queste istruzioni, e posta il risultato sul forum.

Scaricare gmer (www.gmer.net) e fare due scansioni: rootkit e autostart, copiare i risultati (gmer ha direttamente il pulsante copy) e incollarli in un messaggio qua sul forum. Assicurarsi che in entrambe le scansioni NON sia selezionata l'opzione show all e lasciare tutte le altre opzioni così come sono. Infine, durante la scansione rootkit non utilizzare il pc e chiudere tutte le applicazion aperte.

wizard1993 · 30-11-2006, 11:39

Quote:

Originariamente inviato da bReAkDoWn

Fai due scansioni con gmer, seguendo queste istruzioni, e posta il risultato sul forum.

Scaricare gmer (www.gmer.net) e fare due scansioni: rootkit e autostart, copiare i risultati (gmer ha direttamente il pulsante copy) e incollarli in un messaggio qua sul forum. Assicurarsi che in entrambe le scansioni NON sia selezionata l'opzione show all e lasciare tutte le altre opzioni così come sono. Infine, durante la scansione rootkit non utilizzare il pc e chiudere tutte le applicazion aperte.

inoltre fai una scan con hijackthis e posta il log

FazY · 30-11-2006, 13:42

Ho fatto le scansioni, vi mostro i risutati.
Dico subito che nella cartella "c:\Documents and Settings\(mio nome utente)\Impostazioni locali\temp" erano presenti una 30a di file con estensioni .exe e strani nomi.
Inoltre sul task manager era presente questa applicazione: "76exmodul32.b.exe"

Scansione Con GMER:

Rootkit:
MER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-11-30 13:32:43
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF2E 5 Bytes JMP EE0316C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF718 5 Bytes JMP EE031B50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP EE033E10 \??\C:\WINDOWS\system32\drivers\klif.sys
.text USBPORT.SYS!DllUnload F635262C 5 Bytes JMP 862F8860

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 27001B60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!FindResourceExW 7C80AB10 7 Bytes JMP 27001AD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 27001A50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 27001C00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LockResource 7C80C6CF 2 Bytes JMP 27001CA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LockResource + 3 7C80C6D2 2 Bytes [ 7F, AA ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003750 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003260 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004A90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!send 71A3428A 5 Bytes JMP 27009640 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27009430 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!recv 71A3615A 5 Bytes JMP 270092A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 270097C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 270099D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 27002B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 27001D00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 27001E00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!HttpOpenRequestA 771936AD 5 Bytes JMP 270081B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 27008490 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 270083E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 27008310 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865621D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 85ED73B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 862F7940
Device \Driver\00000050 \Device\00000051 IRP_MJ_POWER [F72BEC7E] sptd.sys
Device \Driver\00000050 \Device\00000051 IRP_MJ_SYSTEM_CONTROL [F72D82A2] sptd.sys
Device \Driver\00000050 \Device\00000051 IRP_MJ_PNP [F72D9228] sptd.sys
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 863B71D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865D51D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865651D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862A0748
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 865641D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 862A0748
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8601A980
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_PNP 865D41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_PNP 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_PNP 8601A980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 862F7940
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 863B71D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 865D41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86102980
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 865D41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86102980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865651D8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_CREATE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_CLOSE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_POWER 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_SYSTEM_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_PNP 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_CREATE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_CLOSE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_POWER 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_PNP 862554A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85ED73B8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8612C698

---- Threads - GMER 1.0.12 ----

Thread 4:172 8643B950
Thread 4:176 8641BC60
Thread 4:180 8641BC60
Thread 4:1924 84B33560

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.12 ----

ADS C:\+Discografia+\Gigi D'Agostino\(2006) Some Experiments\Cd 1\01. Dottor Dag - Lo Sbaglio (Quaglio Mix).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\(Cambia La Tua Vita).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\(Cammino).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Gigi D'Agostino - Please Don't Cry.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Gigi D'Agostino Feat. Diana - Vorrei Fare Una Canzone.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Onironauti - Eden (Vocal Remix).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\01. Linda Pearl - Into.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\02. Linda Pearl - Muetzi.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\03. Killswitch & Reset - Freddys Revenge.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\04. Viper XXL - Punisher.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\05. Felix Kröcher - A Marked Preference For Hardtechno.mp3:Roxio EMC Stream
ADS ...

---- EOF - GMER 1.0.12 ----

Autorun:
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2006-11-30 13:33:14
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostvistaui.exe = vistaui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon@DLLName = C:\WINDOWS\system32\klogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Internet Security 6.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
nTuneService /*nTune Service*/@ = C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe /StartService /*file not found*/
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SimpTcp /*Servizi semplici TCP/IP*/@ = %SystemRoot%\system32\tcpsvcs.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@CTSysVolC:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r /*file not found*/
@P17HelperRundll32 P17.dll,P17Helper = Rundll32 P17.dll,P17Helper
@EPSON Stylus C64 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
@PD0630 STISvcRunDLL32.exe P0630Pin.dll,RunDLL32EP 513 = RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
@NVIDIA nTune"C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear = "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
@amd_dc_opt"C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe" = "C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@LClockC:\Programmi\LClock\LClock.exe = C:\Programmi\LClock\LClock.exe
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@kis"C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
@updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1 = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\kbcplext.dll = C:\Programmi\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\mcplext.dll = C:\Programmi\Logitech\SetPoint\mcplext.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) =
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll
@{598F4775-6FB6-477B-9842-E0426824E077}C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll = C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.leeman-automatisering.nl/startpagina = http://www.leeman-automatisering.nl/startpagina
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Logitech SetPoint.lnk = Logitech SetPoint.lnk
QuickTV6.lnk = QuickTV6.lnk

---- EOF - GMER 1.0.12 ----

Scansione con hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13.34.43, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\AVerTV 6.0\AVerQT.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\DOCUME~1\B3T@\IMPOST~1\Temp\76exmodul32f.b.exe
C:\Documents and Settings\B3T@\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.leeman-automatisering.nl/startpagina
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickTV6.lnk = C:\Programmi\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148463263281
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1FD66A-2635-4017-80EC-B7810CCB9F74}: NameServer = 85.37.17.14 85.38.28.78
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)

bReAkDoWn · 30-11-2006, 23:20

Fixa questa voce, riavvia, rifai una scansione con hijackthis e guarda se ricompare, o comunque se ricompare una terza voce di tipo O2 in aggiunta a quelle di acrobat e flashget.

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll

FazY · 01-12-2006, 09:01

Forse ho risolto....
Ho provato ad aggiornare kaspersky e a fargli fare una scansione approfondita.

Mi ha trovato ed eliminato questi oggetti:
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._5077_1814/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._1374_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._8017_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._4156_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pp URL: http://up.medbod.com/up/setup.exe
eliminato: un adware not-a-virus:AdWare.Win32.Agent.au Il file: c:\documents and settings\b3t@\impostazioni locali\temp\~dp1a2.dll

So che dopo non mi si è piu presentata quella strana applicazione nel task manager, ma non ho avuto tempo di fare altre prove, percio non posso garantire di aver eliminato completamente il problema...

wizard1993 · 01-12-2006, 11:55

Quote:

Originariamente inviato da FazY

Forse ho risolto....
Ho provato ad aggiornare kaspersky e a fargli fare una scansione approfondita.

Mi ha trovato ed eliminato questi oggetti:
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._5077_1814/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._1374_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._8017_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._4156_1289/UPX
rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pp URL: http://up.medbod.com/up/setup.exe
eliminato: un adware not-a-virus:AdWare.Win32.Agent.au Il file: c:\documents and settings\b3t@\impostazioni locali\temp\~dp1a2.dll

So che dopo non mi si è piu presentata quella strana applicazione nel task manager, ma non ho avuto tempo di fare altre prove, percio non posso garantire di aver eliminato completamente il problema...

elimina i file temporanei di interet e fi una scan in modalità provvisoria

30-11-2006, 09:18	#1
FazY Member Iscritto dal: Apr 2006 Messaggi: 195	Non riesco a togliere spyware... Ho un problema e chiedo consiglio a voi su come risolvere. Inizio dicendo che nel pc ho win Xp con installato kaspersky internet security 6.0. Ieri il pc mi ha subito dei strani rallentamenti, apro il task manager e scopro un'applicazione chiamata "43exemodul32f.b.exe" che utilizza 90% delle risorse. La chiudo e tutto torna nella norma. Avvio ad-aware di Lavasoft ma non trova nulla. Provo con spaybot e nemmeno quello mi trova nulla. Avvio "msconfig" e non trovo nulla di anomalo nell'avvio automatico. Allora vado nella cartella "c:\Documents and Settings\(mio nome utente)\Impostazioni locali\temp", li trovo dei file con estensione .exe con strani nomi, tipo "32exemodul.b.exe" "41exebottf.b.exe" ecc. Li cancello senza problemi e riavvio il pc. Torno a controllare la cartella e non risulta esserci nulla. Avvio la connessione e dopo un po mi torna fuori sul task manager l'applicazione "43exemodul32f.b.exe". Vado nella cartella "temp" e noto che sono tornati fuori tutti i file di prima. Che posso fare per togliere definitivamente questa applicazione??? P.S. Nella cartella "c:\windows\temp" non ce nulla, inoltre ho gia disattivato la funzione di "Ripristino configurazione di sistema".

30-11-2006, 09:47	#2
bReAkDoWn Senior Member Iscritto dal: Jun 2003 Città: ..By The Sea.. Messaggi: 564	Fai due scansioni con gmer, seguendo queste istruzioni, e posta il risultato sul forum. Scaricare gmer (www.gmer.net) e fare due scansioni: rootkit e autostart, copiare i risultati (gmer ha direttamente il pulsante copy) e incollarli in un messaggio qua sul forum. Assicurarsi che in entrambe le scansioni NON sia selezionata l'opzione show all e lasciare tutte le altre opzioni così come sono. Infine, durante la scansione rootkit non utilizzare il pc e chiudere tutte le applicazion aperte. __________________ Without Contraries is no Progression...

30-11-2006, 23:20	#5
bReAkDoWn Senior Member Iscritto dal: Jun 2003 Città: ..By The Sea.. Messaggi: 564	Fixa questa voce, riavvia, rifai una scansione con hijackthis e guarda se ricompare, o comunque se ricompare una terza voce di tipo O2 in aggiunta a quelle di acrobat e flashget. O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll __________________ Without Contraries is no Progression...

01-12-2006, 09:01	#6
FazY Member Iscritto dal: Apr 2006 Messaggi: 195	Forse ho risolto.... Ho provato ad aggiornare kaspersky e a fargli fare una scansione approfondita. Mi ha trovato ed eliminato questi oggetti: rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._5077_1814/UPX rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._1374_1289/UPX rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._8017_1289/UPX rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pl URL: http://up.medbod.com/up/modul32e.q.e..._4156_1289/UPX rilevato: un programma trojan Trojan-Proxy.Win32.Horst.pp URL: http://up.medbod.com/up/setup.exe eliminato: un adware not-a-virus:AdWare.Win32.Agent.au Il file: c:\documents and settings\b3t@\impostazioni locali\temp\~dp1a2.dll So che dopo non mi si è piu presentata quella strana applicazione nel task manager, ma non ho avuto tempo di fare altre prove, percio non posso garantire di aver eliminato completamente il problema...

Strumenti
Mostra una versione stampabile Invia questa pagina per email