
I'm going crazy...

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by frocco » 15/08/06 22:59

Hi everyone, I have a very annoying problem while browsing... as soon as I open Internet Explorer, popup windows with advertising open up... Running a scan with HijackThis I noticed there are some strange entries:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} - C:\WINDOWS\ylwvx1.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68

I tried to delete them, but as soon as I reconnect to the internet the cursed things reappear. Anyway, I'm attaching the log to see if some expert can give me a hand. Maybe there's some other entry I'm missing... Anyway, in my opinion, as soon as I connect to the internet I get the impression I'm being redirected to some server (I presume the one in the O17 entry above...). I should add that I've run scans with various antivirus and antispyware programs (Spyware Doctor, Spybot, etc.) but got no result.

Thanks to everyone for any help ;)

Logfile of HijackThis v1.99.1
Scan saved at 23.46.09, on 15/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Programmi\Finson\ILM\Ilm.exe
C:\Programmi\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\Creative\DVDAudio\CTDVDDET.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TBPanel.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Software Bluetooth\BTTray.exe
C:\Programmi\SAGEM\SAGEM F@st 800\dslmon.exe
C:\Programmi\TurboLaunch\TurboLaunch.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\haj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.97.21.81:1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} - C:\WINDOWS\ylwvx1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programmi\rivatuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GAINWARD] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Collegamento a emule.lnk = G:\Emule\emule.exe
O4 - Startup: Copia di Avvia il browser Internet Explorer.lnk = C:\Programmi\Internet Explorer\iexplore.exe
O4 - Startup: TurboLaunch.lnk = C:\Programmi\TurboLaunch\TurboLaunch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Infobel License Manager (ILM) - Unknown owner - C:\Programmi\Finson\ILM\Ilm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41
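Two triage helpers, added here as an example and not part of the original thread or of either tool: one walks the HijackThis log above and surfaces the entry classes the thread turns on (the R1 proxy override, O2 BHOs whose DLL is gone, the O17 DNS override), the other splits the SSDT section of the GMER scan frocco posts further down into hooks attributed to a named driver and hooks that resolve only to a bare kernel address. Both sample inputs are lines copied from the posts; the severity labels are this example's own.

```python
import re

# Lines copied from the HijackThis log in frocco's first post (the process list
# and the harmless O3/O8/O9 entries are left out; the logic does not need them).
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.97.21.81:1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} - C:\WINDOWS\ylwvx1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
"""

# SSDT lines copied from the GMER "Rootkit" scan frocco posts further down.
GMER_SAMPLE = """
SSDT a347bus.sys ZwClose
SSDT 85A302D8 ZwConnectPort
SSDT a347bus.sys ZwCreateKey
SSDT 863D1AA0 ZwOpenProcess
SSDT 869F1318 ZwOpenThread
SSDT sptd.sys ZwSetValueKey
"""

HJT_ENTRY = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
HJT_BHO = re.compile(r"BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
HJT_KV = re.compile(r"(?P<key>[A-Za-z]+) = (?P<value>.+)$")
SSDT_LINE = re.compile(r"^SSDT\s+(?P<target>\S+)\s+(?P<syscall>Zw\w+)$")
RAW_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")


def triage_hijackthis(log_text):
    """Return (section, severity, reason) tuples for the entry classes this
    thread turns on: an IE proxy override (R1), BHOs registered for a DLL
    that is no longer on disk (O2) and per-interface DNS overrides (O17).

    Nothing is auto-fixed: the output is the list a human has to verify,
    and an entry is a finding because it changes how the browser reaches
    the network, not because the value itself is known to be bad."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "ProxyServer" in body:
            value = HJT_KV.search(body).group("value")
            findings.append((sec, "high",
                             "IE proxy set to %s; confirm the user configured it" % value))
        elif sec == "O2":
            bho = HJT_BHO.search(body)
            if bho and ("(no file)" in bho.group("path")
                        or "(file missing)" in bho.group("path")):
                findings.append((sec, "medium",
                                 "BHO %s registered but its DLL is absent: %s"
                                 % (bho.group("clsid"), bho.group("path"))))
        elif sec == "O17" and "NameServer" in body:
            servers = HJT_KV.search(body).group("value").split()
            findings.append((sec, "high",
                             "interface-level DNS override to %s; compare with "
                             "the ISP's resolvers" % ", ".join(servers)))
    return findings


def triage_gmer_ssdt(scan_text):
    """Split GMER's SSDT hooks into (named driver -> syscalls) and a list of
    (syscall, address) hooks GMER could not map to any loaded module.

    A hook attributed to a named driver still has to be matched against
    installed software: the HijackThis log shows DAEMON Tools running, and
    its sptd.sys driver hooks the SSDT by design. A hook that resolves only
    to a bare kernel address is the one that warrants investigation."""
    named, unmapped = {}, []
    for line in scan_text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if not m:
            continue
        target, syscall = m.group("target"), m.group("syscall")
        if RAW_ADDR.match(target):
            unmapped.append((syscall, target.upper()))
        else:
            named.setdefault(target.lower(), []).append(syscall)
    return named, unmapped


if __name__ == "__main__":
    for sec, sev, why in triage_hijackthis(HJT_SAMPLE):
        print("%-4s %-6s %s" % (sec, sev, why))
    drivers, addrs = triage_gmer_ssdt(GMER_SAMPLE)
    for drv, calls in sorted(drivers.items()):
        print("SSDT hooks by %s: %s" % (drv, ", ".join(calls)))
    for call, addr in addrs:
        print("SSDT hook on %s by unmapped code at 0x%s" % (call, addr))
```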


Post by Luke57 » 16/08/06 06:58

Hi, can you do these checks?
From My Computer > Control Panel > Add/Remove Programs, check whether LinkOptimizer is present; if it is, do not try to uninstall it.

From
Start > Run > control userpassword2 > OK
in the User Accounts window, check the accounts (Administrators, User, Aspnet are normal); if you find one with a random name, like XPGZQ and so on, report it in the forum.


Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

with this little program you will be able to uninstall LinkOptimizer.
Open the program (click myuninst.exe, wait for the installed applications to be listed, highlight LinkOptimizer, right-click and choose Delete)

Let me know whether the uninstall succeeded

Then download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, launch it, select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Paste the generated log into a Notepad file.

With the same procedure run a scan in the Autostart tab, copy it and paste it into the same text file.

Paste everything into a new post in the forum.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by frocco » 16/08/06 13:27

Thanks a lot for the replies Luke57 ;) ... I'm at work now... as soon as I get home tonight I'll jump on the PC and do the steps you described :) ... I hope I manage to fix it, because I've been looking for a solution for weeks... thanks again for your helpfulness... I've only just discovered this forum and immediately realised how helpful and skilled your team is :P
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Post by frocco » 16/08/06 21:31

I've just finished what you advised me to do, Luke57... you were absolutely right, it's all exactly as you predicted... in the user panel there's only my profile, but LinkOptimizer was installed on the system... so I removed it with MyUninstaller and ran the 2 scans with Gmer, which I noticed was reporting something anomalous... here are the respective Rootkit and Autostart logs.


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-16 22:18:24
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose
SSDT 85A302D8 ZwConnectPort
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT 863D1AA0 ZwOpenProcess
SSDT 869F1318 ZwOpenThread
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FA5708
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86D537C0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 86E03458
Device \FileSystem\vobiw \vobIW IRP_MJ_CREATE 864A2DD8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 86E03458
Device \Driver\NetBT \Device\NetBT_Tcpip_{DDE601B4-EC36-4C1D-A8D2-2449F049D625} IRP_MJ_CREATE 85EAE0E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86FA6390
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86FA6390
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86FA6390
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86FA6390
Device \Driver\NetBT \Device\NetBT_Tcpip_{8859C497-CCAF-439C-B7CA-4D99B309F939} IRP_MJ_CREATE 85EAE0E8
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1739450
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86FA6648
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 86FA6648
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86E10008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 86E10008
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85A294B8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 863CD330
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 863CD330
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 86FA6648
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86E10008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 86E10008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86D84E60
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86D84E60
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 86D84E60
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 86D84E60
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\ylwvx1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [536] 0x014B0000 <-- ROOTKIT !!!
Library C:\WINDOWS\ylwvx1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1364] 0x10000000 <-- ROOTKIT !!!

---- Modules - GMER 1.0.10 ----

Module _________ F74B7000

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\ylwvx1.dll

---- EOF - GMER 1.0.10 ----

Autostart log

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-16 22:20:06
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:c_87u.nls

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
btwdins /*Bluetooth Service*/@ = C:\Programmi\Software Bluetooth\bin\btwdins.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\System32\CTsvcCDA.exe
ILM /*Infobel License Manager*/@ = C:\Programmi\Finson\ILM\Ilm.exe
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe"
NetRqh /*NetRqh*/@ = "C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe"
NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SNDSrvc /*Symantec Network Drivers Service*/@ = C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
SPBBCSvc /*Symantec SPBBCSvc*/@ = C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
SymWSC /*SymWMI Service*/@ = C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SSC_UserPromptC:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe = C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@PE2CKFNT SEC:\Programmi\Ulead Photo Express 2 SE\ChkFont.exe = C:\Programmi\Ulead Photo Express 2 SE\ChkFont.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IW ControlcenterC:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE = C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
@CTSysVolC:\Programmi\Creative\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Programmi\Creative\Surround Mixer\CTSysVol.exe /r /*file not found*/
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@CTDVDDETC:\Programmi\Creative\DVDAudio\CTDVDDET.EXE = C:\Programmi\Creative\DVDAudio\CTDVDDET.EXE
@RivaTunerStartupDaemon"C:\Programmi\rivatuner\RivaTuner.exe" /S = "C:\Programmi\rivatuner\RivaTuner.exe" /S
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@GAINWARDC:\WINDOWS\TBPanel.exe /A = C:\WINDOWS\TBPanel.exe /A
@Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@EPSON Stylus DX4800 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
@yylb1.exeC:\WINDOWS\Temp\yylb1.exe = C:\WINDOWS\Temp\yylb1.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RemoteCenterC:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE = C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/ = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/
@Spyware Doctor"C:\Programmi\Spyware Doctor\swdoctor.exe" /Q = "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.11 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.11 DragDrop Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.11 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.11 Property Sheet Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{F5D92341-0A64-11D0-9956-0000E8096023} /*CD Copy Shell Extension*/C:\WINDOWS\System32\Shellext\CDWSHEXT.DLL = C:\WINDOWS\System32\Shellext\CDWSHEXT.DLL
@{F5D92342-0A64-11D0-9956-0000E8096023} /*CD Wizard Shell Extension*/C:\WINDOWS\System32\Shellext\CDWSHEXT.DLL = C:\WINDOWS\System32\Shellext\CDWSHEXT.DLL
@{F5D92344-0A64-11D0-9956-0000E8096023} /*InstantWrite Shellextension*/C:\WINDOWS\System32\Shellext\iwshex.dll = C:\WINDOWS\System32\Shellext\iwshex.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/E:\win88\SmartFTP\smarthook.dll /*file not found*/ = E:\win88\SmartFTP\smarthook.dll /*file not found*/
@{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} /*EditPlus Context Menu Handler*/C:\Programmi\EditPlus 2\eppshell.dll = C:\Programmi\EditPlus 2\eppshell.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\RealPlayer\rpshell.dll = C:\Programmi\RealPlayer\rpshell.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{6EE51AA0-77A0-11D7-B4E1-000347126E46} /*Window Washer Shell Shredding Utility*/C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\System32\btneighborhood.dll = C:\WINDOWS\System32\btneighborhood.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\OFFICE11\msohev.dll = C:\Programmi\OFFICE11\msohev.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{00020000-0000-1011-8004-0000C06B5161} /*WIBU-SYSTEMS Shell Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
EditPlus@{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} = C:\Programmi\EditPlus 2\eppshell.dll
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@(null) =
@{92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF}C:\WINDOWS\ylwvx1.dll = C:\WINDOWS\ylwvx1.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@(null) =
@{BDF3E430-B101-42AD-A544-FADC6B084872}C:\Programmi\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton AntiVirus\NavShExt.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.google.it = http://www.google.it
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Pagec:\windows\system32\blank.htm = c:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\SER DAN\Menu Avvio\Programmi\Esecuzione automatica >>>
Collegamento a emule.lnk = Collegamento a emule.lnk
Copia di Avvia il browser Internet Explorer.lnk = Copia di Avvia il browser Internet Explorer.lnk
TurboLaunch.lnk = TurboLaunch.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
DSLMON.lnk = DSLMON.lnk
EPSON Status Monitor 3 Environment Check 2.lnk = EPSON Status Monitor 3 Environment Check 2.lnk

---- EOF - GMER 1.0.10 ----



What should I do now? :undecided: Thanks ;)
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Post by frocco » 16/08/06 22:09

Argh, I noticed that in the services I have two suspicious calls:

The "gestione estesa floppy disk" (extended floppy disk management) service refers to a phantom "C:\WINDOWS\Downlo~1\5nnlset\9950kf1.exe" and I have another phantom "NetRqh" service with connection "JFxwH".

Tell me what to do Luke, I'm in your hands heh :)
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Post by Luke57 » 16/08/06 22:14

Hi, try this:

Start > Run > control userpassword2 (type it in the blank box) > OK
In the User Accounts window, check the accounts (Administrators, Utente, Aspnet are normal); if you find one with a random name, like XPGZQ and so on, note down the name and delete it by right-clicking and choosing Delete.

4) Make hidden files and folders visible:

from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Press OK
Go to C:\Documents and Settings; you should find a folder with the same name as that account, delete it as well.


Download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\NetRqh
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yylb1.exe

Files to delete:
C:\WINDOWS\ylwvx1.dll
C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe
C:\WINDOWS\Temp\yylb1.exe



Click the Done button
Click the green traffic light icon twice
Answer Yes twice or
The PC should restart by itself; if it doesn't, restart it manually


Post the Avenger log (C:/avenger.txt) with the result of the script



Open HijackThis, press Open the misc tools section, then click Open ADS Spy... and untick the Quick Scan box. Locate the file C:\:c_87u.nls if present, select it by ticking the box next to the entry and press Remove selected.

Check whether in C:\Programmi, C:\Programmi\file comuni, C:\Programmi\file comuni\System,
C:\Programmi\file comuni\Microsoft Shared you have other files coloured green. If so, report the exact name and path.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
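A log triage helper, added here as an example and not a tool from this thread, from GMER, HijackThis or Avenger: it automates the checks Luke57 made by hand on the autostart log (a non-empty AppInit_DLLs value, here an alternate data stream on the root of C:, a Run entry launched from a Temp folder, and an autostart entry whose module GMER reported as hidden) and reports HijackThis O17 name servers that differ from the ISP servers you pass in. The sample lines are constructed from the shapes seen in the thread; the heuristics, regexes and function names are this example's own assumptions.

```python
"""Triage helper for GMER autostart / HijackThis logs (added example, not a
forum or vendor tool).  Heuristics and names are this example's own."""
import re

# Constructed sample in the two log shapes seen in the thread: a GMER
# "Library ... hidden" line, GMER autostart lines, one HijackThis O17 line.
SAMPLE_LOG = r"""
Library C:\WINDOWS\ylwvx1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1364] 0x10000000 <-- ROOTKIT !!!
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\:c_87u.nls
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NetRqh /*NetRqh*/@ = "C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@yylb1.exeC:\WINDOWS\Temp\yylb1.exe = C:\WINDOWS\Temp\yylb1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF}C:\WINDOWS\ylwvx1.dll = C:\WINDOWS\ylwvx1.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
"""

ADS_ON_ROOT = re.compile(r"^[A-Za-z]:\\:")   # "C:\:name" = alternate data stream on the drive root
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
HIDDEN_LIB = re.compile(r"^Library (?P<path>\S+) \(\*\*\* hidden \*\*\* \)")
AUTOSTART = re.compile(r"^(?P<name>[^=]*?)\s*=\s*(?P<value>.*)$")
O17 = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def hidden_files(lines):
    """Paths that GMER marked '*** hidden ***', lower-cased for matching."""
    return {m.group("path").lower() for line in lines if (m := HIDDEN_LIB.match(line))}


def triage(text, expected_dns=()):
    """Return (finding_kind, detail) tuples for the suspicious lines in text.

    expected_dns: the name servers your ISP actually assigns (assumed input);
    O17 entries pointing anywhere else are reported for review.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hidden = hidden_files(lines)
    findings = []
    for line in lines:
        m = O17.match(line)
        if m:
            unexpected = [s for s in m.group("servers").split() if s not in expected_dns]
            if unexpected:
                findings.append(("O17_DNS_UNEXPECTED", unexpected))
            continue
        m = AUTOSTART.match(line)
        if not m:
            continue                      # section headers ("... >>>") and GMER lines
        name = m.group("name")
        value = m.group("value").strip().strip('"')
        if name.endswith("@AppInit_DLLs") and value:
            # Anything in AppInit_DLLs is loaded by every process that links
            # user32.dll; an ADS path also keeps the file out of directory listings.
            kind = "APPINIT_ADS" if ADS_ON_ROOT.match(value) else "APPINIT_SET"
            findings.append((kind, value))
        if TEMP_DIR.search(value):
            findings.append(("RUN_FROM_TEMP", value))
        if any(h in value.lower() for h in hidden):
            # An autostart entry whose module GMER could not see normally.
            findings.append(("HIDDEN_MODULE", value))
    return findings


def main():
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")


if __name__ == "__main__":
    main()
```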

Post by frocco » 16/08/06 23:46

So, I did everything you told me. I noticed that the anomalous services have finally disappeared. I'm posting a HijackThis log. I saw that the O17 entry, which doesn't convince me, is still there, but I noticed that it only appears if I run a HijackThis scan while I'm connected to the internet. If I run it offline the O17 entry doesn't appear.

O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68

But is it harmful, as I think, or is it normal for this entry to appear while I'm online?

Anyway, I noticed that the PC has already got its vigour back and browsing is as smooth as it used to be. This Linkoptimizer really is a bastard... it practically makes the PC crawl... anyway I'm still worried about those two calls above because I'm afraid the bastard is still active...

Tell me what you think, Luke57, please... :roll:
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Posted by frocco » 17/08/06 01:32

Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 2.31.47, on 17/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Finson\ILM\Ilm.exe
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\Creative\DVDAudio\CTDVDDET.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Software Bluetooth\BTTray.exe
C:\Programmi\SAGEM\SAGEM F@st 800\dslmon.exe
C:\Programmi\TurboLaunch\TurboLaunch.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\haj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.97.21.81:1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programmi\rivatuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GAINWARD] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [yylb1.exe] C:\WINDOWS\Temp\yylb1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: TurboLaunch.lnk = C:\Programmi\TurboLaunch\TurboLaunch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Infobel License Manager (ILM) - Unknown owner - C:\Programmi\Finson\ILM\Ilm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Posted by Luke57 » 17/08/06 07:12

Hi, the O17 entries refer to your Internet connection (Telecom); when you're not connected, HijackThis doesn't detect them.
With HijackThis, fix this entry:
O4 - HKLM\..\Run: [yylb1.exe] C:\WINDOWS\Temp\yylb1.exe
(hopefully the file should no longer be there)

Download ATF Cleaner (to clean the Windows and IE temp files)
http://www.atribune.org/ccount/click.php?id=1

Run ATF Cleaner, click the "Main" menu and then tick the "Select All" box. Now click the "Empty Selected" button and wait for the "Done Cleaning!" message.

Also uninstall Java and install the latest version (1.5.7), the offline version.
Also, you can disable various entries at startup (those HijackThis lists under O4), e.g. those relating to the CD burner, printing, photos, Java itself, etc.
Do it with msconfig:
Start > Run > msconfig > OK; in the window that opens go to the Startup tab and untick the entries mentioned above. When the computer reboots, they will no longer start automatically.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
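As an added example (not from the thread), a small Python triage of HijackThis lines of the kinds discussed in this thread: it flags O2 BHO entries whose DLL is absent, O4 autostarts launched from a Temp directory, an explicit IE proxy setting, and O17 NameServer values that are not the resolvers you expect. The expected-resolver set is an assumption (the two addresses the moderator attributes to the ISP connection), and the O17 line with 192.0.2.53 is constructed to show a mismatch.

```python
import ipaddress
import re

# Constructed sample: a handful of lines of the kinds that appear in the
# HijackThis logs posted in this thread, plus one constructed O17 line
# (192.0.2.53 is a documentation address, not a real resolver).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} - C:\WINDOWS\ylwvx1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [yylb1.exe] C:\WINDOWS\Temp\yylb1.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.97.21.81:1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDE4542-85C0-4724-B8A5-F77B03832662}: NameServer = 192.0.2.53
"""

# Resolvers the user expects to see in O17 (assumption: the two addresses the
# moderator attributes to the ISP connection in this thread).
EXPECTED_DNS = {"85.37.17.16", "85.38.28.68"}

TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.*)$")


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return (severity, section, reason, line) tuples for entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if section == "O2" and (line.endswith("(no file)") or line.endswith("(file missing)")):
            # Orphaned BHO registration: the CLSID is still registered but its
            # DLL is gone; harmless on its own, and HijackThis can fix it.
            findings.append(("low", section, "BHO registered but its DLL is absent", line))
        elif section == "O4":
            # Everything after the [name] is the launched command line.
            target = line.split("]", 1)[1] if "]" in line else line
            if TEMP_DIR_RE.search(target):
                findings.append(("high", section, "autostart entry launches a program from a Temp directory", line))
        elif section == "R1" and "ProxyServer" in line:
            findings.append(("medium", section, "IE is configured to use an explicit proxy; confirm it is intended", line))
        elif section == "O17":
            m = NAMESERVER_RE.search(line)
            if not m:
                continue
            for token in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("medium", section, f"unparseable NameServer value {token!r}", line))
                    continue
                if str(ip) not in expected_dns:
                    findings.append(("high", section, f"NameServer {ip} is not one of the expected resolvers", line))
    return findings


if __name__ == "__main__":
    for severity, section, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}\n          {line}")
```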

Posted by frocco » 17/08/06 09:20

Hi Luke57, I removed the O4 entry you pointed out, cleaned up with ATF Cleaner, uninstalled Java and installed the latest offline version, and removed a few boot-time startups from msconfig. Thanks to your precious advice my PC has been reborn... :) ... it had become extremely slow and froze often... This damned LinkOptimize is a truly terrible malware... one curiosity... besides slowing down the PC, is it able to intercept things like passwords, credit card numbers etc.? ... I'm asking because in the past few days I made online transactions and I'm worried... :-? ...
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

Posted by Luke57 » 17/08/06 09:26

Hi, I don't know whether you also had the malicious user account among your user accounts. Since a rogue account gets into your computer with the same rights as yours, I think it could do a number of things. I can't tell you, though, what risks you ran.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Posted by frocco » 17/08/06 11:52

I checked and it seems I haven't suffered any fraud... apart from the terrible slowdowns of the PC, the popup windows and the disconnections... :x Let's hope everything goes well now... many thanks for the help Luke57 ;) ... without you it wouldn't have been easy... :)
frocco
Junior Member
Posts: 11
Joined: 15/08/06 22:41

I have the same problem

Posted by forzanapoli185 » 22/08/06 14:37

Hi luke57, I have the same problem as frocco. I read through the forum a bit and managed to carry out some of the steps.
The steps are as follows:
1 Removed Link optimize from the Control Panel using the program you recommended, i.e. My Uninstall;
2 I ran the scan with gmer110, which you recommended, and the two files flagged as suspicious in frocco's scan came up, except that the little numbers in the brackets were different, but I didn't touch anything.
3 I deleted the folder of the unknown administrator going by the name AroBojkmTS; afterwards I looked at the processes in Task Manager and noticed that the values of some processes (svchost and iexplorer) are back to normal. Then I tried browsing again but that advertising pop-up keeps appearing, which leads me to think the virus is still there.
4 Then I carried out the step you recommended, the scan with Avenger, and the PC rebooted normally. After it came back up it gave me a log file, which I posted.
5 Then I ran a scan with HijackThis the way you recommended but it didn't find that file C:\:c_87u.nls; it found two others, though. Here they are: C:\WINDOWS\system32 : cp_125v.nls (120499bytes); they are both identical.
WHAT SHOULD I DO WITH THESE 2 FILES????????????
6 I went to look in the folder C:\Programmi\File comuni\System and found other files with green names, but I don't know how to send them to you.

Finally I ran a scan with HijackThis
and this log file came out

Logfile of HijackThis v1.99.1
Scan saved at 15.36.03, on 22/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\win\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04D9E02A-03AE-F63B-CEF3-4F916B598BB8} - C:\WINDOWS\gobqg1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://forzanapoli185.spaces.live.com// ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F11C0-68BA-45F3-B6D8-0DD10B6A6747}: NameServer = 85.37.17.11 85.38.28.69
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

please help me kill this vile monster

I'm sure you'll reply

thanks in advance
forzanapoli185
Junior Member
Posts: 63
Joined: 22/08/06 14:08

Posted by Luke57 » 22/08/06 16:19

Hi, this way I can't make sense of it.

I need to see the two GMER logs.
I'll tell you again how to do it ;)

Download Gmer:
http://www.gmer.net/gmer110.zip
After unpacking it, run it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Paste the generated log into a Notepad document.

With the same procedure run a scan in the Autostart tab, copy it and paste it into the same text file.

Paste both logs into a new post in the forum.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

gmer log file

Posted by forzanapoli185 » 22/08/06 18:24

hi, sorry, but I run the scans with gmer and I don't know how to get the log files.. could you tell me how?
and about those green-coloured files in C:\Programmi\file comuni\System, what can you tell me? they seem to be MS-DOS files...
anyway I ran another scan with hijackthis and those two entries about URLSearchHook don't seem to show up any more; the PC's performance seems improved and browsing is faster too, with that popup not appearing any more.. but I'm not completely sure I've removed it because the (C:) icon has changed and taken on the same icon as the Linkoptimize virus... what do you say I should do..
thanks again
forzanapoli185
Junior Member
Posts: 63
Joined: 22/08/06 14:08

Posted by Luke57 » 22/08/06 23:25

Hi, the change of the C icon happened to a user on another forum; not solved yet.
For the GMER logs, I wrote it: open Gmer.exe, go to the Rootkit tab, click Scan, wait for the scan to finish, click Copy and paste it into a document, even a Word one.
Also run a scan in the Autostart tab, click Copy when the scan finishes and paste the report into the same document. Copy the whole thing, which you will then paste into a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

gmer log

Posted by forzanapoli185 » 23/08/06 12:36

hi luke57, I did as you said and here are the log files from the scans:
---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{3760FE19-BACB-4F99-8FA2-356313F76C85}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{3760FE19-BACB-4F99-8FA2-356313F76C85}
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{3760FE19-BACB-4F99-8FA2-356313F76C85}
File G:\System Volume Information\_restore{89F93C62-2AC2-45A2-85E6-E6F7FF3630A3}

---- EOF - GMER 1.0.10 ----
the Autostart one is:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-23 13:29:55
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NetUzq /*NetUzq*/@ = "C:\Programmi\File comuni\System\wfB.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinDefend /*Windows Defender Service*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ /*file not found*/ = /*file not found*/
@NVIDIA nTune"C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear = "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
@mmtaskc:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe /*file not found*/ = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe /*file not found*/
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_04\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
@OpwareSE2"C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" = "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
@CnxDslTaskBar"C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" = "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msero@CLSID = C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\MSERO.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0941B23F-F75C-4006-9982-D5464EB623CE} /*Connessione alla rete locale (LAN) 3*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Logitech SetPoint.lnk

---- EOF - GMER 1.0.10 ----

This morning the (C:) icon changed again, turning into that white window with coloured marks inside, the one Windows usually gives to files it doesn't know which program to open with, when it asks you to choose..
Listen, I also wanted to ask you how I can make sure whether that virus is still there..
And I also wanted to ask whether gozilla is really as much better than Explorer as many people are advising me.

Thanks again for everything
forzanapoli185
Junior Member
Posts: 63
Joined: 22/08/06 14:08

Post by Luke57 » 23/08/06 15:52

Hi, use Avenger with the lines below (if you have used it before I think you know the procedure, but I'll repeat it anyway):

Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the lines in bold:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\ HKLM\SYSTEM\CurrentControlSet\Services\NetUzq

Files to delete:
C:\Programmi\File comuni\System\wfB.exe

Click the Done button
Click twice on the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

Post the Avenger log (C:/avenger.txt) with the outcome of the script

To find out the names of the green files, do:
Start > Run > cmd (type it in the box) > OK
Once in the command prompt, type (respecting the spaces):
cd C:\ Programmi\File comuni\System   then press Enter
dir > c:\files.txt   then press Enter
Close the prompt; if you then go to C:\ you should find files.txt. Copy it and paste it in a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by forzanapoli185 » 23/08/06 17:38

Hi Luke57, here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mdnrvljp

*******************

Script file located at: \??\C:\Documents and Settings\laonrblb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetRqh not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\NetRqh failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\NetRqh
Status: 0xc0000034



File C:\WINDOWS\ylwvx1.dll not found!
Deletion of file C:\WINDOWS\ylwvx1.dll failed!

Could not process line:
C:\WINDOWS\ylwvx1.dll
Status: 0xc0000034



File C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\lmkXMo.exe
Status: 0xc0000034



File C:\WINDOWS\Temp\yylb1.exe not found!
Deletion of file C:\WINDOWS\Temp\yylb1.exe failed!

Could not process line:
C:\WINDOWS\Temp\yylb1.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {92D8B666-1C89-5191-5D7B-C4B9B6F3B9BF} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yylb1.exe not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yylb1.exe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

As for the command to find the files in green, I have to say I'm not very experienced; anyway I tried typing cmd in Run, and the prompt opens with the command c.\Documents & Settings\win> already there.
Then I tried typing the command you gave me and it told me "invalid application"; I tried to move the cursor below it but nothing; I think you'll have to explain better how to do it..

Anyway, since I removed LinkOptimizer from the Control Panel, deleted the unknown administrator's folder, ran the scans with GMER without errors, and removed those two suspicious files with HijackThis, the PC seems to be running better; what other trace of that virus could there be on the PC? And what other procedures are needed to get it 100% clean?
forzanapoli185
Junior Member
Posts: 63
Joined: 22/08/06 14:08
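The Avenger log posted above reports every scripted action (the registry value replaced, the keys and files to delete) together with an NTSTATUS code when something goes wrong, and the useful question for whoever reads it is whether a failure means "already gone" (0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND, as in every failure in this log) or "still present but could not be removed". The parser below is an added example written for this thread, not code from Avenger or from the forum; it reads the line shapes that appear in the posted log and separates the two cases. The constructed sample is abridged from the log above, and the wording of the "deleted successfully" line is an assumption, since the posted log contains no successful deletion.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS values Avenger prints verbatim after an action it could not complete.
# 0xC0000034 (STATUS_OBJECT_NAME_NOT_FOUND) means the item was already absent.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}


@dataclass
class Action:
    kind: str                     # "registry key", "registry value" or "file"
    target: str                   # key or path exactly as printed in the log
    outcome: str                  # "not found", "failed", "deleted" or "replaced"
    status: Optional[int] = None  # NTSTATUS taken from the following "Status:" line

    def status_name(self) -> str:
        if self.status is None:
            return ""
        return NTSTATUS_NAMES.get(self.status, "UNKNOWN_NTSTATUS")


# Line shapes taken from the log posted in the thread.
_NOT_FOUND = re.compile(r"^(Registry key|File) (.+) not found!$")
_FAILED = re.compile(r"^Deletion of (registry key|file) (.+) failed!$")
_REPLACED = re.compile(r"^Registry value (.+) replaced with dummy successfully\.$")
_STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")
# Assumed wording for a successful delete; the posted log has no such line.
_DELETED = re.compile(r"^(Registry key|File) (.+) deleted successfully\.$")


def parse_avenger_log(text: str) -> List[Action]:
    actions: List[Action] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _NOT_FOUND.match(line)
        if m:
            actions.append(Action(m.group(1).lower(), m.group(2), "not found"))
            continue
        m = _FAILED.match(line)
        if m:
            # "X not found!" is followed by "Deletion of X failed!" for the same
            # item; record a separate failure only when X was not just reported missing.
            if not (actions and actions[-1].target == m.group(2)):
                actions.append(Action(m.group(1), m.group(2), "failed"))
            continue
        m = _REPLACED.match(line)
        if m:
            actions.append(Action("registry value", m.group(1), "replaced"))
            continue
        m = _DELETED.match(line)
        if m:
            actions.append(Action(m.group(1).lower(), m.group(2), "deleted"))
            continue
        m = _STATUS.match(line)
        if m and actions and actions[-1].status is None:
            actions[-1].status = int(m.group(1), 16)
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.outcome] = counts.get(a.outcome, 0) + 1
    return counts


def needs_followup(actions: List[Action]) -> List[Action]:
    """Failures other than 'object not found': the item was present and Avenger
    still could not remove it, so it is what to investigate next."""
    return [a for a in actions if a.outcome == "failed" and a.status != 0xC0000034]


# Constructed sample, abridged from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetRqh not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\NetRqh failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\NetRqh
Status: 0xc0000034

File C:\WINDOWS\ylwvx1.dll not found!
Deletion of file C:\WINDOWS\ylwvx1.dll failed!
Status: 0xc0000034

File C:\WINDOWS\Temp\yylb1.exe not found!
Deletion of file C:\WINDOWS\Temp\yylb1.exe failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yylb1.exe not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yylb1.exe failed!
Status: 0xc0000034

Completed script processing.
Finished! Terminate.
"""
```

Run against the sample, `summarize()` returns four "not found" actions and one "replaced", and `needs_followup()` is empty: every deletion failed only because the item was no longer there, which is why the log above is good news rather than bad. A failure with a different status, such as STATUS_ACCESS_DENIED, would show up in `needs_followup()` as the item to look at next.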

Post by Luke57 » 24/08/06 08:07

Hi, as for the green files, if there are any, write down the name exactly and then report it in a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
