Xnder

Members
  • Content count

    25

About Xnder

  • Rank
    Novice
  1. Excellent, Kuma. Thank you so much. Without you all I wouldn't know what to do!! Have a good weekend, and congratulations on your volunteer work! Bye!
  2. When I click on the key, the information that appears on the right is: type: reg_sz, data: (valore non impostato), just that. How do I create a restore point? If I delete them as they are, what happens? Thanks guys, bye!
  3. Hello again everyone, while peeking through the registry keys I noticed this: keys renamed with strange characters. Do you have any idea what this could be? Should I go ahead and delete them, or leave everything as it is? Where else can I look in the registry to be sure I don't leave any traces (in case it is a virus)? Thanks!
  4. Thanks Kuma, I'll do as you told me. :up1:
  5. Hi everyone, thanks to your advice I have had no more problems with the rootkit and the rest of the junk!!! I'm back with another small problem; I'm posting again in my own topic (tell me if I need to open a new one!). For a while now I have been getting this message when Firefox starts: I didn't have any major problems until I tried to download the Firefox anti-phishing tool. Firefox would not let me connect to the site because, according to it, I have SSL disabled. Digging through the advanced settings, I saw that in the "Encryption" subfolder I have both protocols, SSL 3.0 and TLS 1.0, selected! Where could the problem be? Thanks again! :omaggi:
  6. I'm also waiting for advice from Kuma :up1: Thanks again for the trouble.
  7. I deleted everything you told me to. Virit flagged a .sys in the memory scan... One question: in this path, HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\explorer.exe, there is no "explorer.exe", but there are other .exe entries: _INSTPGM.EXE, cqw32.exe, front.exe, install.exe, photohse.exe, printhse.exe, prwin8.exe, ps80.exe, mngreg32.exe, psdmt.exe, qfinder.exe, qpw.exe, setup.exe, sevinst.exe, ua80.exe, wpwin8.exe, xwsetup.exe. On the right, for some of these, this appears: (Name) ApplicationGoo REG_BINARY 14 02 00 00 10 00 00 00 02 00 00 .... I don't know, is that normal? Second: Avenger can't delete the tmp files that start with "~"... I can't even drag it into a folder because it says the file is in use by another program! What else should I check now?
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi D\Active Virus Shield\shellex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi D\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.asus.com = http://www.asus.com @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/ HKLM\Software\Classes\PROTOCOLS\Filter\ >>> Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll deflate@CLSID = C:\WINDOWS\system32\urlmon.dll gzip@CLSID = C:\WINDOWS\system32\urlmon.dll lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> about@CLSID = %SystemRoot%\system32\mshtml.dll cdl@CLSID = C:\WINDOWS\system32\urlmon.dll dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll file@CLSID = C:\WINDOWS\system32\urlmon.dll ftp@CLSID = C:\WINDOWS\system32\urlmon.dll gopher@CLSID = C:\WINDOWS\system32\urlmon.dll http@CLSID = C:\WINDOWS\system32\urlmon.dll https@CLSID = C:\WINDOWS\system32\urlmon.dll its@CLSID = C:\WINDOWS\system32\itss.dll javascript@CLSID = %SystemRoot%\system32\mshtml.dll livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL local@CLSID = C:\WINDOWS\system32\urlmon.dll mailto@CLSID = %SystemRoot%\system32\mshtml.dll mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll mk@CLSID = C:\WINDOWS\system32\urlmon.dll ms-its@CLSID = 
C:\WINDOWS\system32\itss.dll msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL res@CLSID = %SystemRoot%\system32\mshtml.dll sysimage@CLSID = %SystemRoot%\system32\mshtml.dll tv@CLSID = C:\WINDOWS\system32\msvidctl.dll vbscript@CLSID = %SystemRoot%\system32\mshtml.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>> 000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll 000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000017@PackedCatalogItem = 
So, here are all the folders I found (I'm giving the names exactly as they are, in lowercase and block capitals; the ones in block capitals also have further subfolders, the three in lowercase (suspicious) do not): ACCESSIBILITY BROWSE CRYPTO HTTP JAVA_SUN JAVA_VM Kcckc Kowko Kzckc MULTIMEDIA PRINT SEARCHING Common files Dreamweaver Extension Manager Fireworks Flash Flash Player FreeHand ShockPlayer32 Shockwave 10 Studio MX xpt MID
I found a ton of them! I'm posting the log I got from "Advanced\View log".
They are all linked to this process: c:\windows\system32\systqsqx.exe
  9. That's everything, guys. It took me a while, but I managed it. I ran the scan with GMER (which, thank heavens, didn't give me any problems) and I've included the two logs below. Then I followed the other piece of advice and did some searching through the registry keys; the result is at the bottom. P.S.: in documents and settings\my profile\ I found a file with no name and this extension: .$$$
\Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLEANUP 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLOSEIRP_MJ_READ 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_MAILSLOT 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_NAMED_PIPE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CHANGE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DIRECTORY_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FLUSH_BUFFERS 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_LOCK_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_PNP 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_PNP_POWER 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_POWER 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_EA 862B0008 
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_QUOTA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_SECURITY 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_EA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_QUOTA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_SECURITY 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_VOLUME_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SHUTDOWN 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_WRITE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CLEANUP 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CLOSEIRP_MJ_READ 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE_MAILSLOT 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE_NAMED_PIPE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DEVICE_CHANGE 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DEVICE_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DIRECTORY_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 
IRP_MJ_FILE_SYSTEM_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_FLUSH_BUFFERS 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_LOCK_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_PNP 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_PNP_POWER 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_POWER 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_EA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_QUOTA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_SECURITY 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_EA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_QUOTA 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_SECURITY 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_VOLUME_INFORMATION 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SHUTDOWN 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SYSTEM_CONTROL 862B0008 Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_WRITE 862B0008 Device \Driver\USBSTOR \Device\00000099 IRP_MJ_SHUTDOWN [F761D8B4] sfsync02.sys Device \Driver\USBSTOR \Device\0000009a IRP_MJ_SHUTDOWN [F761D8B4] 
sfsync02.sys ###################################################################################
  10. I'll try all the procedures as soon as I get home, then as soon as I find a workstation I'll update you. Last night I tried to reconnect and... you know the blue window that usually appears when you end the Windows session ("Standby", "Turn off", "Restart")? Well, first a message appeared warning me that I was not authorized to perform certain operations because I am not a system administrator; and then the little blue window appeared with two icons instead of three: one was the "key in the yellow square" labelled "Log off" and the other was "two arrows pointing in opposite directions in a green square" labelled "Switch user", I think, or something like that... Hacker attack? In the meantime I'll try your procedures, then we'll see whether there's a way to sort out this hassle too....
  11. News: http://www.virit.com/startup/scheda.asp?num=3484 on VirIT they analyzed the trojan I have days ago... this damned thing goes out the door and comes back in through the window... Guys, GMER has already crashed my system once, what do I do, try again?
  12. In a VirIT window that checks processes at startup (which I can no longer get to appear), there is a process that starts from the system folder: systqsqx.exe
  13. Just the time it takes to download my mail from Outlook and... bam... guys, I'm at the end of my rope, the same red lips in temp surrounded by a couple of DF... tmp files, in short the usual ones... should I just give up? Here is the VirIT log... I also re-ran the Rustock B cleaner and the pelog log is clean.
      VirIT eXplorer Lite Log
      [sCANSIONE DELLA MEMORIA] OK
      --------------------------------------------------------
      29/05/2007 - 16:15:11
      [sCANSIONE DEL REGISTRO] OK
      [C:] MASTER BOOT RECORD: OK BOOT SECTOR: OK
      C:\WINDOWS\Temp\gsmzca.exe Infetto da Trojan.Win32.Dialer.IH Il file sarà spostato nella cartella di quarantena.
      [D:] MASTER BOOT RECORD: OK BOOT SECTOR: OK
      D:\Programmi D\Hijackthis\backups\backup-20070520-185924-789-rthz.exe Infetto da Trojan.Win32.Small.PY * * * RIMOSSO * * *
      D:\Programmi D\Hijackthis\backups\backup-20070520-185924-893-crgkhpn.exe Infetto da Trojan.Win32.Small.PY * * * RIMOSSO * * *
  14. The temp folder no longer exists under Windows... do I have to recreate it by hand? It puts the temp files back inside Windows without a folder... and besides, it puts back the same temp files as before <_<
  15. I owe you guys a beer! And Wininizio is going into my bookmarks. Fingers crossed, and I hope I won't have any more problems; I lost a whole day on this. Thanks again. Which firewall can I install?