cavallo di troia lpt7.exe lpt3.exe

[U008351]

qualcuno mi aiuta?
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-21 21:58:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[152] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00E73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\iTunes\iTunesHelper.exe[192] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00FC3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\McAfee.com\VSO\oasclnt.exe[204] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00C53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE[224] WS2_32.dll!connect 71A3406A 5 Bytes JMP 008F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[244] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text ...
.text H:\gmer.exe[3880] WS2_32.dll!connect 71A3406A 5 Bytes JMP 010A3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86783378
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86106860
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 862024B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862024B8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86736298
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 862024B8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862024B8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 86202BD0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 86202BD0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION

[Luke57]

Ciao, il log è incompleto. Posta anche il log di Gmer fatto dalla posizione Autostart (non spuntare la casella show all).
P.S. Continua qui la discussione, non aprire un altro post (devi scegliere rispondi per continuare).

[U008351]

copia l'intero file di gmer sia in rootkit che in autostart lo incollo alla messaggio, che riesco a leggere nella sua interezza, ma una volta inviato sul forum viene tagliata una buona parte. cosa sbaglio?!

[Luke57]

Ciao,non sbagli niente, è troppo lungo per entrare ìin un post.
Inserisci in un post le ultime righe del report Rootkit e tutto l'Autostart (eseguilo senza spuntare show all, altrimenti risarai punto e a capo).

[U008351]

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-27 18:51:38
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
McDetect.exe /*McAfee WSC Integration*/@ = c:\programmi\mcafee.com\agent\mcdetect.exe
McShield /*McAfee.com McShield*/@ = c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MpfService /*McAfee Personal Firewall Service*/@ = C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvOsk /*SrvOsk*/@ = "\\?\C:\Programmi\Windows NT\lpt7.exe"
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WebPye /*WebPye*/@ = "\\?\C:\Programmi\File comuni\Services\lpt3.exe"
WinEhh /*WinEhh*/@ = "\\?\C:\Programmi\File comuni\System\lpt7.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundMAXPnPC:\Programmi\Analog Devices\Core\smax4pnp.exe = C:\Programmi\Analog Devices\Core\smax4pnp.exe
@SunJavaUpdateSchedC:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe = C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
@ /*file not found*/ = /*file not found*/
@IntelMeMC:\Programmi\Intel\Modem Event Monitor\IntelMEM.exe = C:\Programmi\Intel\Modem Event Monitor\IntelMEM.exe
@DVDLauncher"C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe" = "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
@VSOCheckTask"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExec:\PROGRA~1\mcafee.com\agent\mcupdate.exe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@UpdateManager"C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r = "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
@DMXLauncherC:\Programmi\Dell\Media Experience\DMXLauncher.exe = C:\Programmi\Dell\Media Experience\DMXLauncher.exe
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@VirusScan OnlineC:\Programmi\McAfee.com\VSO\mcvsshld.exe = C:\Programmi\McAfee.com\VSO\mcvsshld.exe
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
@HPHUPD05C:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe = C:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
@HP Component Manager"C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
@HP Software Update"C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" = "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
@HPHmon05C:\WINDOWS\system32\hphmon05.exe = C:\WINDOWS\system32\hphmon05.exe
@Camera DetectorC:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE = C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
@InstantAccessC:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h = C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
@RegisterDropHandlerC:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@OASClntC:\Programmi\McAfee.com\VSO\oasclnt.exe = C:\Programmi\McAfee.com\VSO\oasclnt.exe
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
RunServices@RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Programmi\Sonic\RecordNow!\shlext.dll = C:\Programmi\Sonic\RecordNow!\shlext.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{990a81a0-b289-11cf-a800-00a0c903a2a6} /*Cryptext*/C:\WINDOWS\system32\ShellExt\Cryptext.dll = C:\WINDOWS\system32\ShellExt\Cryptext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\system32\ShellExt\Cryptext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\system32\ShellExt\Cryptext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\system32\ShellExt\Cryptext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00A6FAF1-072E-44cf-8957-5838F569A31D}C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL = C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{07B18EA1-A523-4961-B6BB-170DE4475CCA}C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL = C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{5D945E9A-DC10-4670-83EB-99DAA616628A}C:\WINDOWS\system32\Suchspur.dll = C:\WINDOWS\system32\Suchspur.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar4.dll = c:\programmi\google\googletoolbar4.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\SSMYPICS.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.euro.dell.com/ = http://www.euro.dell.com/
@Start Pagehttp://www.msn.it/ = http://www.msn.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/x-internet-signup@CLSID = C:\Programmi\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cetihpz@CLSID = C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\campanale\Menu Avvio\Programmi\Esecuzione automatica >>>
DESKTOP.INI = DESKTOP.INI
reminder-Registrazione del prodotto Scansoft.lnk = reminder-Registrazione del prodotto Scansoft.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
DESKTOP.INI = DESKTOP.INI
EPSON SMART PANEL for Scanner.lnk = EPSON SMART PANEL for Scanner.lnk

---- EOF - GMER 1.0.12 ----

[U008351]

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-27 19:04:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[148] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01C63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\McAfee.com\VSO\oasclnt.exe[180] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00D53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\iTunes\iTunesHelper.exe[188] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00F83E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE[208] WS2_32.dll!connect 71A3406A 5 Bytes JMP 008F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[228] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text ...
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!SetWindowLongA 77D1D60D 5 Bytes JMP 7E38C60B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!SetWindowLongW 77D1D62B 5 Bytes JMP 7E38C63C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[1784] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01B43E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[1872] WS2_32.dll!connect 71A3406A 5 Bytes JMP 012E3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\Intel\Modem Event Monitor\IntelMEM.exe[1912] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00AE3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe[1920] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\McAfee.com\Agent\mcagent.exe[1936] WS2_32.dll!connect 71A3406A 5 Bytes JMP 014E3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text ...
.text H:\gmer.exe[3712] WS2_32.dll!connect 71A3406A 5 Bytes JMP 010A3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3780] WS2_32.dll!connect 71A3406A 5 Bytes JMP 01203E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86783378
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86125AF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 861CC3B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86211CE8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 861CC3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT

[U008351]

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLOSE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_READ 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_WRITE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_EA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FLUSH_BUFFERS 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DIRECTORY_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLEANUP 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_MAILSLOT 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_SECURITY 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_POWER 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SYSTEM_CONTROL 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CHANGE 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_QUOTA 861EB668
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP 861EB668
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 861CC3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 861CC3B0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 86054C28
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86205E08
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86205E08
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 865852F0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 865EBB10
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_READ 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLOSE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_READ 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_WRITE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_POWER 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 861CB4D0
Dev

[U008351]

Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLOSE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_READ 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_WRITE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_EA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_POWER 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 861CB4D0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_PNP 861CB4D0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86125AF0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 865DF400
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ED18B701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 865DF400
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ED18B701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 865DF400
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ED18B701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 865DF400
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ED18B701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 865DF400
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [ED18B701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86200DF8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [ED18B89D] tfsnifs.sys

---- Modules - GMER 1.0.12 ----

Module _________ F778F000

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\NTUSER.DAT:SummaryInformation
ADS C:\Documents and Settings\All Users\NTUSER.DAT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\01\12-{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}-v1-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\11\11-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v11-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\12\12-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v12-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\13\13-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v13-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\13\13-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v13-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\13\13-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v13-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\14\14-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v14-{14EABC06-74E1-4D73-A4F6-18FD5ACB080E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\14\14-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v14-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\alfre46@hotmail.it\DFSR\Staging\CS{A72DB0D2-4686-D13A-A15A-6BE43D2E91C9}\14\14-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v14-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\bonzo23@hotmail.it\DFSR\Staging\CS{476BF8A3-E763-280D-0B2E-D2C7ED971B1E}\01\15-{476BF8A3-E763-280D-0B2E-D2C7ED971B1E}-v1-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\raffaelez@hotmail.it\DFSR\Staging\CS{83554A51-DA47-31E4-DF53-382B517E5AA2}\01\10-{83554A51-DA47-31E4-DF53-382B517E5AA2}-v1-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\campanale\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kobe-25@hotmail.it\SharingMetadata\simy.stellina88@hotmail.it\DFSR\Staging\CS{502BBE57-F903-38AE-A2D4-AD79CB26659A}\01\11-{502BBE57-F903-38AE-A2D4-AD79CB26659A}-v1-{51C85F70-3167-4DA3-A7BE-E9370A15D575}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

[Luke57]

Ciao, evidentemente non hai letto ciò che avevo scritto.

Comunque, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip

e scompattalo nel destop

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla (CTRL+V) le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\WebPye
HKLM\SYSTEM\CurrentControlSet\Services\WinEhh
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | MyWebSearch Email Plugin

Folders to delete:
C:\Programmi\MyWebSearch

Files to delete:
C:\Programmi\File comuni\Services\lpt3.exe
C:\Programmi\File comuni\System\lpt7.exe



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Posta il log di Avenger (C:/avenger.txt) con l´esito dello script

Poi, scarica questi due tools:

http://www.prevx.com/gromozon.asp

Tool di rimozione della Symantec:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Eseguili uno alla volta; disattiva il tuo antivirus durante la scansione.

Quello della prevx fa riavviare il computer e al riavvio viene completata la scansione, al termine della quale viene rilasciato un report che trovi in C:\Gromozon_Removal.log.

Poi esegui il tool della symantec (dalla modalità provvisoria; se
non sai come andarci, premi ripetutamente il tasto F8 all'accensione del computer prima che inizi a caricarsi windows; sulla schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e premendo invio).

Anche questo tool rilascia un rapporto della scansione nella cartella dove
hai messo il file (Fixlinkopt.log)

Posta i due report delle scansioni.

[U008351]

ti indico dove sono allocati i virus:
c:\programmi\window nt\lpt7.exe
c:\programmi\file comuni\services\lpt3.exe
c:\programmi\file comuni\system\lpt7.exe

[Luke57]

Ciao, scusami ma sembra un dialogo tra sordi, io suggerisco a tu rispondi b
Ho già visto dove sono i file, devi seguire i suggerimenti altrimenti abbandono la discussione per sfinimento

[U008351]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\foywycwe

*******************

Script file located at: japkuhvh

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

[Luke57]

Ciao, ripeti lo script, ha dato errore.

[U008351]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ypgauopr

*******************

Script file located at: \??\C:\WINDOWS\system32\rcxlyygu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\WebPye not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WebPye failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WebPye
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\WinEhh not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WinEhh failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WinEhh
Status: 0xc0000034

Folder C:\Programmi\MyWebSearch deleted successfully.


File C:\Programmi\File comuni\Services\lpt3.exe not found!
Deletion of file C:\Programmi\File comuni\Services\lpt3.exe failed!

Could not process line:
C:\Programmi\File comuni\Services\lpt3.exe
Status: 0xc0000034



File C:\Programmi\File comuni\System\lpt7.exe not found!
Deletion of file C:\Programmi\File comuni\System\lpt7.exe failed!

Could not process line:
C:\Programmi\File comuni\System\lpt7.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


ti allego anche gli script di GROMOZON E SYMANTEC, PERCHE' LI AVEVO GIA' LANCIATI. DIMMI SE LO DEVO RIFARE!
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: WinEhh (logon as: .\RcMRkfQmLqZtVX, passed filters)
service: WinEhh (file path: \\?\C:\Programmi\File comuni\System\lpt7.exe - infected)
file: \\?\C:\Programmi\File comuni\System\lpt7.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WinEhh\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WinEhh\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WinEhh (key deleted)
reg: ...\SpecialAccounts\UserList\RcMRkfQmLqZtVX (value deleted)
folder: \\?\C:\Documents and Settings\RcMRkfQmLqZtVX (deleted)
user: RcMRkfQmLqZtVX (deleted)


C:\Programmi\File comuni\Services\lpt3.exe: (deleted)
C:\Programmi\Windows NT\lpt7.exe: (deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 72948
The number of deleted threat files: 3
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni


Trojan.Gromozon Removed!

[U008351]

il mio antivirus non rileva piu' nulla. grazie per la enorme pazienza.
un'ultima richiesta (sic!)
all'avviio il mio computer su shermata nera si blocca su:
floppy diskette seek failure - stike f1 to continue, f2 to run the set up utility. Dopo F1 procede con l'avvio completo.

E' un problema! Devo preoccuparmi!?