Torna indietro   Hardware Upgrade Forum > Networking e sicurezza > Antivirus e Sicurezza > Aiuto sono infetto! Cosa faccio?
Ricarica la Pagina Win32:dialer-1060

Recensione Xiaomi Pad 8 Pro: potenza bruta e HyperOS 3 per sfidare la fascia alta
Recensione Xiaomi Pad 8 Pro: potenza bruta e HyperOS 3 per sfidare la fascia alta
Xiaomi Pad 8 Pro adotta il potente Snapdragon 8 Elite all'interno di un corpo con spessore di soli 5,75 mm e pannello LCD a 144Hz flicker-free, per un tablet che può essere utilizzato con accessori dedicati di altissima qualità. Fra le caratteristiche esclusive, soprattutto per chi intende usarlo con la tastiera ufficiale, c'è la modalità Workstation di HyperOS 3, che trasforma Android in un sistema operativo con interfaccia a finestre
NZXT H9 Flow RGB+, Kraken Elite 420 e F140X: abbiamo provato il tris d'assi di NZXT
NZXT H9 Flow RGB+, Kraken Elite 420 e F140X: abbiamo provato il tris d'assi di NZXT
Nelle ultime settimane abbiamo provato tre delle proposte top di gamma di NZXT nelle categorie case, dissipatori e ventole. Rispettivamente, parliamo dell'H9 Flow RGB+, Kraken Elite 420 e F140X. Si tratta, chiaramente, di prodotti di fascia alta che si rivolgono agli utenti DIY che desiderano il massimo per la propria build. Tuttavia, mentre i primi due dispositivi mantengono questa direzione, le ventole purtroppo hanno mostrato qualche tallone d'Achille di troppo
ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz
ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz
ASUS ROG Swift OLED PG34WCDN è il primo monitor gaming con pannello QD-OLED Gen 5 a layout RGB Stripe Pixel e 360 Hz su 34 pollici: lo abbiamo misurato con sonde colorimetriche e NVIDIA LDAT. Ecco tutti i dati
Unitree H1: il robot umanoide vicino al record mondiale dei 100 metri
GPU esterne: PCI-SIG porta le prestazioni vicine al 100%, ma il collegamento costa più di una RTX 5090
Per Lenovo i giocatori sono ricchi: Legion Go 2 arriva quasi a raddoppiare il prezzo
Polaroid lancia la nuova stampante Hi-Print 3x3 pensata per le stampe quadrate
Da Kyndryl un gemello digitale per il digital workplace
La Cina si prepara a una nuova missione sulla Luna: Chang'e-7 avrà un rover e un hopper oltre a lander e orbiter
Climatizzatore Inverter A++ con Wi-Fi a 289,90€: le specifiche tecniche del COMFEE' TROPICAL 12K in offerta su Amazon
NZXT Flex, lo 'scandalo' del PC gaming a noleggio si chiude con un accordo da 3,45 milioni di dollari
Robot lavavetri in offerta su Amazon: ECOVACS WINBOT W3 OMNI, 16 ugelli e niente stracci da sciacquare
Attenti a questo update fake di Windows 11: bypassa l'antivirus e svuota i conti
NIO chiede la standardizzazione di batterie e chip nelle auto elettriche: risparmi possibili per 12 miliardi di euro
Tutti gli articoli Tutte le news

Vai al Forum
Pagina 1 di 2 1 2 >
Rispondi
 
Strumenti
Old 27-10-2007, 22:52   #1
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
Win32:dialer-1060
Salve... chiedo il vostro aiuto perchè anche a me all'avvio del pc avast segnala per ben 3 volte il Win32:dialer-1060(trj).
Ho provato con avast in modalità provvisioria, ad aware, a-squared ma il problema sussiste. ho letto altri post e credo vi sia utile il mio log di HiJackThis:

Codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.51.45, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.781\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159128200864
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photocity.it/areaclienti/...eUploader4.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=6db12c...oadControl.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 9811 bytes


Spero di aver fatto la cosa giusta, non conosco questo software e per questo vi chiedo aiuto! (sono ben accetti anche altri suggerimenti su altri possibili programmi "sospetti"...)
Grazie infinite.... Simona
Ultima modifica di xcdegasp : 28-10-2007 alle 15:16.
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:01   #2
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
servono:
1)log di gmer
2)log di findawf
3)log di hijackthis con startup list
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:13   #3
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
scusa la domanda, ma ome faccio a fare il log di hijack con startup list?
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:16   #4
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
clicchi su generate startup list log
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:19   #5
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
scusa per la mia ignoranza.... eccola:

Codice:
StartupList report, 28/10/2007, 1.19.06
StartupList version: 1.52.2
Started from : C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.750\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.969\gmer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.750\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\TATI\Menu Avvio\Programmi\Esecuzione automatica]
Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus D68 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
OODefragTray = C:\WINDOWS\system32\oodtray.exe
QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -atboottime
Babylon Client = C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
NeroFilterCheck = C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
NBKeyScan = "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
a-squared = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
a-squared Anti-Dialer = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus D68 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
Skype = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
IncrediMail = C:\Programmi\IncrediMail\bin\IncMail.exe /c
Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
Picasa Media Detector = C:\Programmi\Picasa2\PicasaMediaDetector.exe
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
 = 

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Skype add-on (mastermind) - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
(no name) - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Programmi\QuickTime\QTPlugin.ocx
CODEBASE = http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/downlo...eckControl.cab

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Programmi\Yahoo!\Common\yinsthelper.dll

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1159128200864

[Image Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
CODEBASE = http://www.photocity.it/areaclienti/...eUploader4.cab

[DVCDownloadControl]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DVCDOW~1.OCX
CODEBASE = http://webgames.d.tmsrv.com/c=6db12c...oadControl.cab

[Photodex Presenter AX control]
InProcServer32 = C:\PROGRA~1\PHOTOD~1\pxplay.ocx
CODEBASE = http://www.photodex.com/pxplay.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab

[Aurigma Image Uploader 2.5]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IMAGEU~1.OCX
CODEBASE = http://www.digitalpix.it/controls/ImageUploader2.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Programmi\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\TATI\Cookies\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 9.151 bytes
Report generated in 0,094 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
Ultima modifica di xcdegasp : 28-10-2007 alle 15:17.
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:20   #6
Riverside
Bannato
 
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
Quote:
Originariamente inviato da slucc Guarda i messaggi
Salve... chiedo il vostro aiuto perchè anche a me all'avvio del pc avast segnala per ben 3 volte il Win32:dialer-1060(trj).
Ho provato con avast in modalità provvisioria, ad aware, a-squared ma il problema sussiste. ho letto altri post e credo vi sia utile il mio log di HiJackThis
Disabilita il Ripristino configurazione di sistema, ed inizia con il fixare questi voci:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" –atboottime

O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe –AutoStart

O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=6db12c...oadControl.cab

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB

Poi:

installa JAVASUN: clicca qui per il download

Prosegui seguendo le indicazioni di Juninho:
Quote:
Originariamente inviato da juninho85 Guarda i messaggi
servono:
1)log di gmer
2)log di findawf
3)log di hijackthis con startup list
GMER:
clicca qui per il download
Utility Antirootkit in grado di rilevare molte informazioni nascoste di Windows

FINDAWF: clicca qui per il download
Tool per la rilevazione della directory BAK e per la rimozione del Trojan.win32.Obfuscated.dr

Pubblica, nella discussione, i log di GMER e FIDAWF utilizzando la funzione Gestisci Allegati ed attendi che qualcuno li analizzi e ti suggerisca come procedere.
Ultima modifica di Riverside : 28-10-2007 alle 00:25.
Riverside è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:34   #7
Riverside
Bannato
 
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
Quote:
Originariamente inviato da slucc Guarda i messaggi
scusa ..... C:\WINDOWS\System32\alg.exe
Utilizzi il firewall integrato di Windows XP?

in ogni caso, esegui, anche, una scansione da qui:
BITDEFENDER ONLINE SCANNER clicca qui per lo scan online
● una volta aperta la pagina, clicca I AGREE: ti farà scaricare un activex, tu segui la procedura guidata.
● pubblica, qui, il Report che verrà rilasciato
Riverside è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:36   #8
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
ok... ho fixato gli errori... e adesso sta andando gmer, ma credo ne abbia per un po'.... Domani vi posto i log...
Grazie infinite intanto per l'aiuto....
Simona
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:38   #9
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
ops... questo ve lo mando.... gmer sta frullando.... A domani

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:39   #10
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
scusa l'ho visto adesso... si, il firewall di xp è attivato.
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:41   #11
Riverside
Bannato
 
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
Quote:
Originariamente inviato da slucc Guarda i messaggi
ops... questo ve lo mando....
Ok Simona benvenuta nel girone dei dannati
Il log è pulito; devi, comunque, proseguire con il resto.
Quote:
Originariamente inviato da slucc Guarda i messaggi
scusa l'ho visto adesso... si, il firewall di xp è attivato.
Meglio cosi, almeno non abbiamo a che fare con un altro trojan.
Riverside è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 00:45   #12
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
Grazie... della serie "lasciate ogni speranza voi ch'entrate....". Ok
adesso vado a letto.. domani di prima mattina vi mando il log di gmer (che spero abbia finito e di bitdefender. Grazie e Buonanotte!
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 12:04   #13
Gle89
Senior Member
 
L'Avatar di Gle89
 
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
Simona,ci sono novità?
Gle89 è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 12:19   #14
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
Ehi grazie, ci soo... ieri sera praticamente si è impallato il pc.... stamani l'ho riacceso ma avast da ancora il dialer. st facendo fare gmer, pi ho pensato di postarvi di nuovo tutti i log (visto che ho fixato gli errori eche cmq c'è stato un riavvio)... vi ringrazio.... ps ma è normale che gmer ci metta così tanto? ...è un pezzetto che sta analizzando una voce di registro (credo) \registry\USER\S-1-2-21-etc etc....
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 12:32   #15
Gle89
Senior Member
 
L'Avatar di Gle89
 
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
Intanto riposta un log di HJT,vai
Gle89 è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 14:05   #16
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
Allora ecco i log che per adesso ho pronti.... un appunto.. gmer mi avvertiva che ha rilevato attività di rootkit....


Codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.59.46, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\TATI\Desktop\SetupProgrammi\ANTIVIRUS\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /O17 "\\LAVORO\EPSONSty" /M "Stylus D68"
O4 - HKLM\..\Run: [Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P70 "Automatico Automatico EPSON Stylus D68 Series su COMPUTERINO su LAVORO" /O17 "\\LAVORO\Automati" /M "Stylus D68"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P63 "Automatico Automatico EPSON Stylus D68 Series su TATI su LAVORO" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159128200864
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photocity.it/areaclienti/...eUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8891 bytes





GMER

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-28 14:58:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT            a347bus.sys                                                                                            ZwClose
SSDT            a347bus.sys                                                                                            ZwCreateKey
SSDT            a347bus.sys                                                                                            ZwCreatePagingFile
SSDT            a347bus.sys                                                                                            ZwEnumerateKey
SSDT            a347bus.sys                                                                                            ZwEnumerateValueKey
SSDT            a347bus.sys                                                                                            ZwOpenFile
SSDT            a347bus.sys                                                                                            ZwOpenKey
SSDT            a347bus.sys                                                                                            ZwQueryKey
SSDT            a347bus.sys                                                                                            ZwQueryValueKey
SSDT            a347bus.sys                                                                                            ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.13 ----

?               C:\WINDOWS\system32\Drivers\mchInjDrv.sys                                                              Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtEnumerateKey                        7C91D94C 6 Bytes  PUSH 01022783; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtEnumerateValueKey                   7C91D976 6 Bytes  PUSH 0102242E; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtQuerySystemInformation              7C91E1AA 6 Bytes  CALL 3F92E3D4 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtSetValueKey                         7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtSetValueKey + 4                     7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtWriteFile                           7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ntdll.dll!NtWriteFile + 4                       7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!LoadLibraryExW                     7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!WriteProcessMemory                 7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] kernel32.dll!OpenProcess                        7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceA                     77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceW                     77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] ADVAPI32.dll!CreateServiceW + 4                 77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] WS2_32.dll!connect                              71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] WS2_32.dll!listen                               71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe[256] SHELL32.dll!Shell_NotifyIconW                   7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtEnumerateKey                    7C91D94C 6 Bytes  PUSH 02982783; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtEnumerateValueKey               7C91D976 6 Bytes  PUSH 0298242E; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtQuerySystemInformation          7C91E1AA 6 Bytes  CALL 3F9479D4 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtSetValueKey                     7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtSetValueKey + 4                 7C91E7C0 2 Bytes  [ 1D, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtWriteFile                       7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ntdll.dll!NtWriteFile + 4                   7C91E9F7 2 Bytes  [ 1A, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!LoadLibraryExW                 7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!WriteProcessMemory             7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!FreeLibrary + 15               7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] kernel32.dll!OpenProcess                    7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceA                 77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceW                 77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] ADVAPI32.dll!CreateServiceW + 4             77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] WS2_32.dll!connect                          71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] WS2_32.dll!listen                           71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[304] SHELL32.dll!Shell_NotifyIconW               7CA31B6A 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[1404] kernel32.dll!FreeLibrary + 15            7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtEnumerateKey                                      7C91D94C 6 Bytes  PUSH 01412783; RET C:\WINDOWS\syss.dll
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtEnumerateValueKey                                 7C91D976 6 Bytes  PUSH 0141242E; RET C:\WINDOWS\syss.dll
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtQuerySystemInformation                            7C91E1AA 6 Bytes  CALL 3F9322D4 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtSetValueKey                                       7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtSetValueKey + 4                                   7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtWriteFile                                         7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ntdll.dll!NtWriteFile + 4                                     7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!LoadLibraryExW                                   7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!WriteProcessMemory                               7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!FreeLibrary + 15                                 7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] kernel32.dll!OpenProcess                                      7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceA                                   77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceW                                   77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] ADVAPI32.dll!CreateServiceW + 4                               77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] SHELL32.dll!Shell_NotifyIconW                                 7CA31B6A 6 Bytes  JMP 5F130F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] WS2_32.dll!connect                                            71A3406A 6 Bytes  JMP 5F1C0F5A 
.text           C:\PROGRA~1\INCRED~1\bin\IMApp.exe[1412] WS2_32.dll!listen                                             71A388D3 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateKey                                       7C91D94C 4 Bytes  [ 68, 83, 27, E6 ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateKey + 5                                   7C91D951 1 Byte  [ C3 ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateValueKey                                  7C91D976 4 Bytes  [ 68, 2E, 24, E6 ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtEnumerateValueKey + 5                              7C91D97B 1 Byte  [ C3 ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtQuerySystemInformation                             7C91E1AA 4 Bytes  CALL 3F92C7D4 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtQuerySystemInformation + 5                         7C91E1AF 1 Byte  [ C3 ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtSetValueKey                                        7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtSetValueKey + 4                                    7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtWriteFile                                          7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ntdll.dll!NtWriteFile + 4                                      7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] kernel32.dll!OpenProcess                                       7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceA                                    77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceW                                    77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] ADVAPI32.dll!CreateServiceW + 4                                77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\Programmi\Messenger\msmsgs.exe[1636] WS2_32.dll!connect                                             71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] WS2_32.dll!listen                                              71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programmi\Messenger\msmsgs.exe[1636] SHELL32.dll!Shell_NotifyIconW                                  7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!FreeLibrary + 15                              7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtEnumerateKey                                          7C91D94C 6 Bytes  PUSH 01552783; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtEnumerateValueKey                                     7C91D976 6 Bytes  PUSH 0155242E; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtQuerySystemInformation                                7C91E1AA 6 Bytes  CALL 3F9336D4 
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtSetValueKey                                           7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtSetValueKey + 4                                       7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtWriteFile                                             7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ntdll.dll!NtWriteFile + 4                                         7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!LoadLibraryExW                                       7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!WriteProcessMemory                                   7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!FreeLibrary + 15                                     7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] kernel32.dll!OpenProcess                                          7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceA                                       77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceW                                       77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] ADVAPI32.DLL!CreateServiceW + 4                                   77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\Programmi\WinRAR\WinRAR.exe[2836] SHELL32.dll!Shell_NotifyIconW                                     7CA31B6A 6 Bytes  JMP 5F130F5A 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateKey                    7C91D94C 4 Bytes  [ 68, 83, 27, DC ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateKey + 5                7C91D951 1 Byte  [ C3 ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateValueKey               7C91D976 4 Bytes  [ 68, 2E, 24, DC ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtEnumerateValueKey + 5           7C91D97B 1 Byte  [ C3 ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtQuerySystemInformation          7C91E1AA 4 Bytes  CALL 3F92BDD4 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtQuerySystemInformation + 5      7C91E1AF 1 Byte  [ C3 ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtSetValueKey                     7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtSetValueKey + 4                 7C91E7C0 2 Bytes  [ 17, 5F ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtWriteFile                       7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ntdll.dll!NtWriteFile + 4                   7C91E9F7 2 Bytes  [ 14, 5F ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!LoadLibraryExW                 7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!WriteProcessMemory             7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!FreeLibrary + 15               7C80ABF3 4 Bytes  [ 45, 54, EF, F4 ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] kernel32.dll!OpenProcess                    7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceA                 77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceW                 77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\DOCUME~1\TATI\IMPOST~1\Temp\Rar$EX00.406\gmer.exe[2880] ADVAPI32.dll!CreateServiceW + 4             77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateKey                                         7C91D94C 3 Bytes  [ 68, 83, 27 ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateKey + 4                                     7C91D950 2 Bytes  [ 02, C3 ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateValueKey                                    7C91D976 3 Bytes  [ 68, 2E, 24 ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtEnumerateValueKey + 4                                7C91D97A 2 Bytes  [ 02, C3 ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtQuerySystemInformation                               7C91E1AA 3 Bytes  CALL 3F93E1D4 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtQuerySystemInformation + 4                           7C91E1AE 2 Bytes  [ 02, C3 ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtSetValueKey                                          7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtSetValueKey + 4                                      7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtWriteFile                                            7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ntdll.dll!NtWriteFile + 4                                        7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!WriteProcessMemory                                  7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] kernel32.dll!OpenProcess                                         7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceA                                      77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceW                                      77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ADVAPI32.dll!CreateServiceW + 4                                  77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\system32\WgaTray.exe[3296] SHELL32.dll!Shell_NotifyIconW                                    7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ws2_32.dll!connect                                               71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\WgaTray.exe[3296] ws2_32.dll!listen                                                71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtEnumerateKey                                                 7C91D94C 6 Bytes  PUSH 01232783; RET C:\WINDOWS\syss.dll
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtEnumerateValueKey                                            7C91D976 6 Bytes  PUSH 0123242E; RET C:\WINDOWS\syss.dll
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtQuerySystemInformation                                       7C91E1AA 6 Bytes  CALL 3F9304D4 
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtSetValueKey                                                  7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtSetValueKey + 4                                              7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtWriteFile                                                    7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[3332] ntdll.dll!NtWriteFile + 4                                                7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!LoadLibraryExW                                              7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!WriteProcessMemory                                          7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] kernel32.dll!OpenProcess                                                 7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceA                                              77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceW                                              77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[3332] ADVAPI32.dll!CreateServiceW + 4                                          77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\Explorer.EXE[3332] SHELL32.dll!Shell_NotifyIconW                                            7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] WS2_32.dll!connect                                                       71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\Explorer.EXE[3332] WS2_32.dll!listen                                                        71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\service32.exe[3680] ntdll.dll!NtSetValueKey                                                 7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\service32.exe[3680] ntdll.dll!NtSetValueKey + 4                                             7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\WINDOWS\service32.exe[3680] ntdll.dll!NtWriteFile                                                   7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\service32.exe[3680] ntdll.dll!NtWriteFile + 4                                               7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\service32.exe[3680] kernel32.dll!LoadLibraryExW                                             7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\service32.exe[3680] kernel32.dll!WriteProcessMemory                                         7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\service32.exe[3680] kernel32.dll!OpenProcess                                                7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\service32.exe[3680] SHELL32.DLL!Shell_NotifyIconW                                           7CA31B6A 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceA                                             77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceW                                             77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\service32.exe[3680] ADVAPI32.dll!CreateServiceW + 4                                         77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateKey                7C91D94C 4 Bytes  [ 68, 83, 27, 92 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateKey + 5            7C91D951 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateValueKey           7C91D976 4 Bytes  [ 68, 2E, 24, 92 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtEnumerateValueKey + 5       7C91D97B 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtQuerySystemInformation      7C91E1AA 4 Bytes  CALL 3F9273D4 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtQuerySystemInformation + 5  7C91E1AF 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtSetValueKey                 7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtSetValueKey + 4             7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtWriteFile                   7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ntdll.dll!NtWriteFile + 4               7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!LoadLibraryExW             7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!WriteProcessMemory         7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] kernel32.dll!OpenProcess                7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceA             77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceW             77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] ADVAPI32.dll!CreateServiceW + 4         77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3700] SHELL32.dll!Shell_NotifyIconW           7CA31B6A 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateKey                7C91D94C 4 Bytes  [ 68, 83, 27, 91 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateKey + 5            7C91D951 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateValueKey           7C91D976 4 Bytes  [ 68, 2E, 24, 91 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtEnumerateValueKey + 5       7C91D97B 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtQuerySystemInformation      7C91E1AA 4 Bytes  CALL 3F9272D4 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtQuerySystemInformation + 5  7C91E1AF 1 Byte  [ C3 ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtSetValueKey                 7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtSetValueKey + 4             7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtWriteFile                   7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ntdll.dll!NtWriteFile + 4               7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!LoadLibraryExW             7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!WriteProcessMemory         7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] kernel32.dll!OpenProcess                7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceA             77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceW             77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] ADVAPI32.dll!CreateServiceW + 4         77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE[3708] SHELL32.dll!Shell_NotifyIconW           7CA31B6A 6 Bytes  JMP 5F130F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtEnumerateKey                                 7C91D94C 6 Bytes  PUSH 011F2783; RET C:\WINDOWS\syss.dll
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtEnumerateValueKey                            7C91D976 6 Bytes  PUSH 011F242E; RET C:\WINDOWS\syss.dll
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtQuerySystemInformation                       7C91E1AA 6 Bytes  CALL 3F9300D4 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtSetValueKey                                  7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtSetValueKey + 4                              7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtWriteFile                                    7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ntdll.dll!NtWriteFile + 4                                7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!LoadLibraryExW                              7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!WriteProcessMemory                          7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] kernel32.dll!OpenProcess                                 7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceA                              77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceW                              77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] ADVAPI32.dll!CreateServiceW + 4                          77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] WS2_32.dll!connect                                       71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] WS2_32.dll!listen                                        71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3820] SHELL32.dll!Shell_NotifyIconW                            7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtEnumerateKey                                         7C91D94C 6 Bytes  PUSH 01032783; RET C:\WINDOWS\syss.dll
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtEnumerateValueKey                                    7C91D976 6 Bytes  PUSH 0103242E; RET C:\WINDOWS\syss.dll
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtQuerySystemInformation                               7C91E1AA 6 Bytes  CALL 3F92E4D4 
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtSetValueKey                                          7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtSetValueKey + 4                                      7C91E7C0 2 Bytes  [ 20, 5F ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtWriteFile                                            7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] ntdll.dll!NtWriteFile + 4                                        7C91E9F7 2 Bytes  [ 1D, 5F ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!WriteProcessMemory                                  7C80220F 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] kernel32.dll!OpenProcess                                         7C8309E1 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceA                                      77FA7071 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceW                                      77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] ADVAPI32.dll!CreateServiceW + 4                                  77FA720D 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\system32\oodtray.exe[3936] SHELL32.dll!Shell_NotifyIconW                                    7CA31B6A 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] WS2_32.dll!connect                                               71A3406A 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\oodtray.exe[3936] WS2_32.dll!listen                                                71A388D3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtEnumerateKey                        7C91D94C 6 Bytes  PUSH 02042783; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtEnumerateValueKey                   7C91D976 6 Bytes  PUSH 0204242E; RET C:\WINDOWS\syss.dll
.text           C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] ntdll.dll!NtQuerySystemInformation              7C91E1AA 6 Bytes  CALL 3F93E5D4 
.text           C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[4016] kernel32.dll!CreateThread + 1A                  7C810651 4 Bytes  [ 07, EA, C3, 83 ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateKey                                          7C91D94C 4 Bytes  [ 68, 83, 27, 9F ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateKey + 5                                      7C91D951 1 Byte  [ C3 ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateValueKey                                     7C91D976 4 Bytes  [ 68, 2E, 24, 9F ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtEnumerateValueKey + 5                                 7C91D97B 1 Byte  [ C3 ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtQuerySystemInformation                                7C91E1AA 4 Bytes  CALL 3F9280D4 
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtQuerySystemInformation + 5                            7C91E1AF 1 Byte  [ C3 ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtSetValueKey                                           7C91E7BC 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtSetValueKey + 4                                       7C91E7C0 2 Bytes  [ 1A, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtWriteFile                                             7C91E9F3 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ntdll.dll!NtWriteFile + 4                                         7C91E9F7 2 Bytes  [ 17, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!LoadLibraryExW                                       7C801AF1 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!WriteProcessMemory                                   7C80220F 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[4032] kernel32.dll!OpenProcess                                          7C8309E1 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceA                                       77FA7071 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceW                                       77FA7209 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] ADVAPI32.dll!CreateServiceW + 4                                   77FA720D 2 Bytes  [ 11, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[4032] SHELL32.dll!Shell_NotifyIconW                                     7CA31B6A 6 Bytes  JMP 5F130F5A 

---- Devices - GMER 1.0.13 ----

Device          \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                     82340B10

AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                                   [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE                                                        [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                                    [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                     [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                                    [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                                        [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                          [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                                 [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                                   [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                            [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                                 [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                                   [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                                        [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                                      [B9B6BF76] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                           [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL                                                  [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                                 [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                             [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                                  [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT                                                          [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                           [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                             [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_POWER                                                                    [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL                                                           [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE                                                            [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                              [B9B6A812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                                [B9B6A812] aswMon2.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                                                                  [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_READ                                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                                                                  [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL                                                    [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                                [F87A52C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL                                                           [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY                                                           [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_POWER                                                                  [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA                                                            [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_READ                                                                  [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                                               [F87A52C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_POWER                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA                                                           [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA                                                             [F87A58E6] aswTdi.SYS

Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                               81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL                                                81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP                                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA                                                        81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA                                                          81EAD5B8
Device          \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP                                                                81EAD5B8
Device          \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ                                                           82229B58
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ                                                               81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL                                                81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP                                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA                                                        81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA                                                          81EAD5B8
Device          \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP                                                                81EAD5B8
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE                                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ                                                         81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA                                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA                                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP                                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA                                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA                                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP                                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA                                         81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE                                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ                                                         81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA                                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA                                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP                                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER                                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA                                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA                                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP                                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL                                   81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA                                         81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP                                                 81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL                                81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP                                                81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ                                               81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA                                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION                             81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL                                  81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL                                81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN                                           81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP                                            81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT                                    81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY                                       81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER                                              81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL                                     81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE                                      81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA                                        81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA                                          81FC4848
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP                                                81FC4848
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ                                                               81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL                                                81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP                                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA                                                        81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA                                                          81EAD5B8
Device          \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP                                                                81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ                                                               81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA                                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION                                             81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL                                                  81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL                                                81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN                                                           81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP                                                            81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT                                                    81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY                                                       81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER                                                              81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL                                                     81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE                                                      81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA                                                        81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA                                                          81EAD5B8
Device          \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP                                                                81EAD5B8
Device          \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ                                                       8206ACA0

AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_READ                                                                  [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_WRITE                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL                                               [F87A52C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY                                                          [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_POWER                                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA                                                           [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA                                                             [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_READ                                                                [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA                                                            [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA                                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION                                            [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION                                              [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL                                                   [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL                                                 [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL                                             [F87A52C0] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN                                                            [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                                                             [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT                                                     [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY                                                        [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_POWER                                                               [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL                                                      [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE                                                       [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA                                                         [F87A58E6] aswTdi.SYS
AttachedDevice  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA                                                           [F87A58E6] aswTdi.SYS

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ                                          82374460
Device          \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ                                                82374460
Device          \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ                                                         82234368
Device          \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ                                                          8221AB40
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE                             82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE                              82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_READ                               82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE                              82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION                    82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA                           82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA                             82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS                      82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION           82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION             82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL                82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL                     82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL            82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN                           82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL                       82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP                            82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT                    82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY                     82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY                       82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER                              82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL                     82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE                      82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA                        82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA                          82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP                                82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE                                                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE                                       82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE                                                   82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ                                                    82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE                                                   82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION                                       82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION                                         82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA                                                82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA                                                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS                                           82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION                                82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION                                  82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL                                       82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL                                     82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL                                          82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                 82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN                                                82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL                                            82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP                                                 82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT                                         82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY                                          82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY                                            82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER                                                   82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL                                          82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE                                           82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA                                             82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA                                               82209530
Device          \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP                                                     82209530
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ                                         8221FF20
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ                                          8221FF20
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ                                              8221FF20
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ                                           8221FF20
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ                                          8221FF20
Device          \FileSystem\Cdfs \Cdfs IRP_MJ_READ                                                                     82217490

---- Modules - GMER 1.0.13 ----

Module          _________                                                                                              F8450000-F8468000 (98304 bytes)

---- Processes - GMER 1.0.13 ----

Process         C:\WINDOWS\service32.exe (*** hidden *** )                                                             3680                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             

---- Registry - GMER 1.0.13 ----

Reg             \Registry\MACHINE\SOFTWARE\6G98D2X74V                                                                  
Reg             \Registry\MACHINE\SOFTWARE\6G98D2X74V@6G98D2X74V                                                       0x41 0xE8 0x7B 0xAF ...
Reg             \Registry\MACHINE\SOFTWARE\6G98D2X74V@6G98D2X74V                                                       0x41 0xE8 0x7B 0xAF ...
Reg             \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@6G98D2X74V           C:\WINDOWS\service32.exe
Reg             \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]      139D978DB8141BF80522B485F4CDA3327B1DF2D86E2C3A25A79206B6B814D302C767C86CDD15B02F40ADE07136E183C2B53D7645D98835C6C118FE18118531CC3C268ACBE8A8C3D102BEB44045BD877363FE926B129268F60EF13FC9F8472D17130A6D1B2FEB98B1F8E9136BCE749632DDFD1A733E73FADF2C5FAB42313552EA5796063AAC91BA53B697DFE1A5ACDA21DF266278AAE757619E742DE71E3FE801F5226D81FC60F5EFB10407084222429309B9C78B483F2D8CD095AC9A486C054BC15BBF3A64325BF345C1F433BEA4FD94DB4E27302ADEEFA80D7F9C29DD55F66BEDBF9DA0C575407EAEB39A2FD9178561BF4F635EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14079DB7CE019D40AA5C5D575E7D6A3B98086A5FBB9F3FA28C42F49AFB043E62E2A0543980208E0A76374E0491B0C700A2CA86C5429E42E8D480CF3D1F774342C0B5A15A6CAEA7C928B1884EF6322838B09CB771EE54B047C9D120EC58F63B09A5F81EC00C19C816BAF2AD9040245FFEE1153CC62D189F1BF43B7D043777E51B8B1ADA5DAE917B753B7868709F16DDA0F39F75C22FF70A95E4B121718B2265ABF03E8A33657F2DC33733842507C9F83CA7996971EA32CD3AAAA1EA3AEB5542465A7A855B8A7D2CAE4387F47D303
Reg             \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]      320B135FB9F215962496B6E783B03974F0ACF531E080D43B26EB273181203F264C90102410F2384C28B1B70CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CC038D530D6EB34529DB7CE019D40AA5C470A981A9D0D6DBD3968FD05C6AF145B6BFD6C16416115A7EC5B7451ECC8296C72ADA7464DB3E283D34CE2ACC8517ECE161933427FBCCA0D0432C00029D1A0EC58754D230BD667847AC9447BF9762D044844D7176B874D466E1B30AE9722A2ADD8612970AF8F57CF259523911BFB2F74310DDCB34F8079DB381667982DFE00E0F805A027F64711E6707BC342520E140DA88E86E65A3D32C60F364AA941810A305E8957F082BBF8BB9E562D942AB370B1A8FC5EB69E265B79C4A185838D9797B7572BBB2DD58076BA93992CC30D445D374D1EB15B1379E0535214057CB304828551BA7A6D597D76BE57C8D041CDE9F667DACC11C011462FADD1DD7B1EB5DBAA9FE29B87F7D9EBE71A19FDEFAE23A55E81B4765208D7F137D202E1E0257B88F27E41C59AC807DA3C1128E420E3A4CAB8B6671D8D8488B5EE02C5166C8450C8C18B4A47AE0CF5ADEEDC7AC13F6DD002ADAC9FD7A1C0AB9D526EA3871E60E3AD00297D3E82A79E9BF82AA767EC0A0846EAFEAE50AD77298BDABD4754B712C89C9E2A7E6098A

---- Files - GMER 1.0.13 ----

ADS             C:\Documents and Settings\TATI\Preferiti\PIETRO\Sviluppare un ritratto in digitale :favicon            

---- EOF - GMER 1.0.13 ----
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 14:12   #17
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12
a proposito... nonn riesco a fare lao scan online di bitdefender perchè da il messaggio "impossibile copiare oscan81.ocx-x"... devo farlo in mod provvisoria o fare quache altra manovra?
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 17:12   #18
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
ok,ora avvia avenger con questo script:
Quote:
Files to delete:
C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\service32.exe
Registry keys to delete:
HKLM\SOFTWARE\6G98D2X74V
Registry values to delete:
HKLM\\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 6G98D2X74V
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 17:33   #19
slucc
Junior Member
 
Iscritto dal: Oct 2007
Messaggi: 12

Fatto anche avenger ed in effetti dopo il riavvio non ho più avuto il mex si avast sul dialer..... Cosa devo fare ora? Sono a posto? Mi consiglite una scansione o altri programmi da usare?
.....ragazzi siete stati FANTASTICI...!!!!
slucc è offline   Rispondi citando il messaggio o parte di esso
Old 28-10-2007, 17:34   #20
juninho85
Bannato
 
L'Avatar di juninho85
 
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29028
nulla,ora devi solo goderti il tuo pc

anzi...se volessi inviarmi il file zippato contenuto in c:\avenger per email te ne sarei grato
juninho85 è offline   Rispondi citando il messaggio o parte di esso
Pagina 1 di 2 1 2 >
 Rispondi

« Discussione precedente | Discussione successiva »

Recensione Xiaomi Pad 8 Pro: potenza bruta e HyperOS 3 per sfidare la fascia alta Recensione Xiaomi Pad 8 Pro: potenza bruta e Hyp...
NZXT H9 Flow RGB+, Kraken Elite 420 e F140X: abbiamo provato il tris d'assi di NZXT NZXT H9 Flow RGB+, Kraken Elite 420 e F140X: abb...
ASUS ROG Swift OLED PG34WCDN recensione: il primo QD-OLED RGB da 360 Hz ASUS ROG Swift OLED PG34WCDN recensione: il prim...
Recensione Nothing Phone (4a) Pro: finalmente in alluminio, ma dal design sempre unico Recensione Nothing Phone (4a) Pro: finalmente in...
WoW: Midnight, Blizzard mette il primo, storico mattone per l'housing e molto altro WoW: Midnight, Blizzard mette il primo, storico ...
Unitree H1: il robot umanoide vicino al ...
GPU esterne: PCI-SIG porta le prestazion...
Per Lenovo i giocatori sono ricchi: Legi...
Polaroid lancia la nuova stampante Hi-Pr...
Da Kyndryl un gemello digitale per il di...
La Cina si prepara a una nuova missione ...
Climatizzatore Inverter A++ con Wi-Fi a ...
NZXT Flex, lo 'scandalo' del PC gaming a...
Robot lavavetri in offerta su Amazon: EC...
Attenti a questo update fake di Windows ...
NIO chiede la standardizzazione di batte...
Da 80 mesi-uomo a poche ore: l'AI cambia...
In 2 settimane senza social il cervello ...
Amazon top 7 di oggi: 2 portatili intere...
SteamGPT trapela dal client Steam: ecco ...
Chromium
GPU-Z
OCCT
LibreOffice Portable
Opera One Portable
Opera One 106
CCleaner Portable
CCleaner Standard
Cpu-Z
Driver NVIDIA GeForce 546.65 WHQL
SmartFTP
Trillian
Google Chrome Portable
Google Chrome 120
VirtualBox
Tutti gli articoli Tutte le news Tutti i download

Strumenti

Regole
Non Puoi aprire nuove discussioni
Non Puoi rispondere ai messaggi
Non Puoi allegare file
Non Puoi modificare i tuoi messaggi
Il codice vB è On
Le Faccine sono On
Il codice [IMG] è On
Il codice HTML è Off
Vai al Forum


Tutti gli orari sono GMT +1. Ora sono le: 22:01.

Contattaci - Hardware Upgrade - Archivio - Note sulla Privacy - Su

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
Served by www3v