Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Iexplorer32.dll aiutatemi per favore

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Iexplorer32.dll aiutatemi per favore

Postdi Dennyar » 27/10/06 20:41

Ciao a tutti,
ho un grosso problema che non rieco a risolvere:
appena avvio il pc avast mi trova il virus iexplore32.dll che non riesco a togliere ne con lo stesso avast ne con adaware avviato in mod provvisoria.
Potreste darmi una mano? il pc si impalla e diventa lento
Grazie
Considerate che non è che sia proprio un drago con il pc......

questo è il logfile con hijachthis:


Logfile of HijackThis v1.99.1
Scan saved at 21.32.29, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\TEMP\fywb1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
G:\Daniele 2\Istallazione Programmi Fascia 2\Antivirus e Spy\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
G:\Daniele 2\Istallazione Programmi Fascia 2\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/myfastpage/res/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Daniele\10256424.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fywb1.exe] C:\WINDOWS\TEMP\fywb1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Sponsor
 

Postdi Dennyar » 27/10/06 21:06

anche snon cedo che sia collegato al virus di cui sopra da un po' di tempo ogni volta che faccio una ricerca su google come primi risultati mi appaiono link che portano tutti ad un indirizzo: http:\\nepogod.com

a cosa può essere dovuto?
grazie

es.
Online Auction Find Online Auction and many other businesses in and around your area at ThinkLocal.
http://thinklocal.com - - 53k - Copia cache - Pagine simili

eBay Italia - my.ebay.it/ws/eBayISAPI.dll?MyeBay
Accedi - signin.ebay.it/ws/eBayISAPI.dll?SignIn
Compra su eBay Motori - auto-moto.ebay.it/
Abbigliamento e accessori - abbigliamento.ebay.it/
Altri risultati in http://www.ebay.it »


BidOnUSA.com - Online Auctions We have many discount products for sale on BidOnUSA. Buy everything you need. search products, find items, and compare price on Bid On USA.
http://bidonusa.com - - 79k - Copia cache - Pagine simili


FREE eBay eBook Reveals Top Sellers Secrets Discover how the top sellers make insane profits on eBay. ThiseBook normally sells for $99.00 and is FREE for a limited time. Get Yours Before This Free Offer Expires - Click Here
http://www.referralware.com/home.jsp/58372035 - - 53k - Copia cache - Pagine simili


You Too Can Easily Make A Fortune On eBay! Get the insider's secrets to making an obscene income on eBay. One woman makes $250,000.00 per MONTH! Yes - $250,000! Want to see how she does it? Click Here
http://www.referralware.com/home.jsp42779723 - - 57k - Copia cache - Pagine simili
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Smjert » 27/10/06 21:33

Hai sia il Link Optimizer che il Trojan Clicker.

Usa questi due tool http://www.pc-facile.com/forum/viewtopic.php?t=49816

Il Prevx lo fai girare da Modalità Normale (ti chiederà poi di riavviare il pc)

Il Symantec deve essere fatto girare da Modalità Provvisoria (F8 al boot)

Torna in Modalità Normale

Scarica GMER da http://www.gmer.net

Avvia GMER e fai due scansioni (tasto Scan) una dal tab rootkit e l´altra dal tab autostart. Copiale tutte e due premendo il tasto Copy nei rispettivi tab e incollali in un file di testo che salverai.

Posta il contenuto di quel file di testo

Posta il contenuto dei due log dei tool per la rimozione del LinkOptimizer (C:\gromozon_removal e FixLinkOpt.log)
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi Dennyar » 27/10/06 22:21

Allora dopo il riavvio automatico di fixlinkopt avast mi ha nuovamente trovato il virus.....

ho fatto tutto come hai detto,
questi i log:

Questo è il risultato che viene fuori da rootkit Removal tool

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\AJEEMV.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\cGyyKO.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\KHXtc.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\pLq.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\TmpTTi.exe
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\fywb1.exe
>>>Error: File C:\WINDOWS\Temp\fywb1.exe could not be removed - it will be removed on the next reboot.


Trojan.Gromozon Removed!


Questo è il log dell'altro

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: LogSll (logon as: .\BQs, passed filters)
service: LogSll (file path: C:\Programmi\File comuni\Microsoft Shared\Ira.exe - infected)
file: C:\Programmi\File comuni\Microsoft Shared\Ira.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll (key deleted)
reg: ...\SpecialAccounts\UserList\BQs (value deleted)
folder: \\?\C:\Documents and Settings\BQs (deleted)
user: BQs (deleted)


C:\WINDOWS\iexplore32.dll: (deleted)
C:\WINDOWS\Temp\_avast4_\unp126678474.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp17738423.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp217637443.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp248836080.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp260051452.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp98692063.tmp: (deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 125005
The number of deleted threat files: 8
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

Questo è il log della prima scansione con GMER rootkit:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-27 23:17:32
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8678CC78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8678CC78
Device \Driver\00000046 \Device\00000043 IRP_MJ_POWER [F7749EA8] sptd.sys
Device \Driver\00000046 \Device\00000043 IRP_MJ_SYSTEM_CONTROL [F775DA70] sptd.sys
Device \Driver\00000046 \Device\00000043 IRP_MJ_PNP [F7756728] sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867D7808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867D7808
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D7A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8653EBC0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8649F9D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8649F9D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867D7A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8653EBC0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8653EBC0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86409C68
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86409C68
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86409C68
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86409C68
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_CREATE 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_CLOSE 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_INTERNAL_DEVICE_CONTROL 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_CLEANUP 86409C68
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4AAEDB2-C74B-46F1-A3F8-A3FEBA259C2D} IRP_MJ_PNP 86409C68
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 8678CEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 8678CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 8640CEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 8640CEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 864D90E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 864D90E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D7A40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 864E63A0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 864E63A0
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CREATE 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CLOSE 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_DEVICE_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_POWER 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_SYSTEM_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_PNP 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_CREATE 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_POWER 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8678C0E8
Device \Driver\viasraid \Device\Scsi\viasraid1Port2Path0Target0Lun0 IRP_MJ_PNP 8678C0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8646EC40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8646EC40
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8636D260
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8636D260

---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-776561741-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x8A 0xA8 0x83 0x99 ...
Reg \Registry\USER\S-1-5-21-776561741-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x48 0x85 0x58 0xAD ...

---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----


Questa la seconda da Autostart:

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-27 23:18:32
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@Logitech Hardware Abstraction Layer"C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE" = "C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
@ /*file not found*/ = /*file not found*/
@Kernel and Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@HP Software UpdateC:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe = C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
@NWEReboot /*file not found*/ = /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@fywb1.exeC:\WINDOWS\TEMP\fywb1.exe /*file not found*/ = C:\WINDOWS\TEMP\fywb1.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\kbcplext.dll = C:\Programmi\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\mcplext.dll = C:\Programmi\Logitech\SetPoint\mcplext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Utility\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Utility\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{14D1A72D-8705-11D8-B120-0040F46CB696}C:\Documents and Settings\Daniele\10256424.dll = C:\Documents and Settings\Daniele\10256424.dll
@{53707962-6F74-2D53-2644-206D7942484F}G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll = G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.fastweb.it/myfastpage/res/ = http://www.fastweb.it/myfastpage/res/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.11 ----
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Smjert » 27/10/06 23:06

Avast ti ha trovato probabilmente il Clicker ma non il LinkOptimizer (le procedure che ti ho scritto erano per rimuovere il secondo).

Ok ora passiamo al Clicker:
Scarica CCleaner

Avvia CCleaner e vai su Opzioni->Avanzate, togli la spunta a "cancella file in windows temp solo se più vecchi di 48 ore",
torna su Cleaner e fai Analizza, quando ha finito clicca Avvia Cleaner.

Riavvia in Modalità Provvisoria

Usa la ricerca di Windows e trova questi file: service32.exe, winsyst32.exe, syst32.dll, iexplore32.dll, spoolsv32.dll, cc1.txt, tuk.php, Sys.htm
(ricordati di attivare la ricerca nelle cartelle e nei file nascosti andando
in "Altre opzioni avanzate" e spuntando la voce
"Cerca nei file e nelle cartelle nascosti").


Se li trovi li cancelli
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi Smjert » 27/10/06 23:07

Ah visualizza anche i file nascosti (perchè se no li vedi solo dalla lista dei "risultati ricerca" se sono nascosti):

Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
spunta la voce "Visualizza cartelle e file nascosti", togli la spunta a
"Nascondi file protetti di sistema" (digli di sì).
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi Dennyar » 27/10/06 23:40

Allora, prima di tutto grazie per l'attenzione che mi stai dedicando, secondo ho fatto tutto come hai detto e riavviando in mod provvisoria l'unico di quelli che ho trovato e rimosso con shift+canc è proprio iexplorer32.dll.
Mi aveva trovato anche service32 ma non era .exe dunque l'ho lasciato lì.
Ho riavviato e subito nuovamente avast me lo ritrova........
il nome del file è sempre iexplorer32.dll mentre il nome del malwere è

Win32:Small-CGR [Trj]

:mmmh:

un incubo....
che ne pensi?
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Dennyar » 27/10/06 23:44

Questo è il log da Hijackthis dopo il tutto....

Logfile of HijackThis v1.99.1
Scan saved at 0.42.12, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
G:\Daniele 2\Istallazione Programmi Fascia 2\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/myfastpage/res/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Daniele\10256424.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fywb1.exe] C:\WINDOWS\TEMP\fywb1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Dennyar » 28/10/06 12:28

mi è venuto il dubbio, ma lo dovevo cancelare service32?
non era .exe però era comunque un applicazione...
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Dennyar » 29/10/06 22:55

mi avete abbandonato?? :cry:
sono ancora appeso....
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30

Postdi Smjert » 04/11/06 15:27

Probabilmente non vedi le estensioni dei file ma quello è service32.exe, per vedere le estensioni:

Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
togli la spunta alla voce "Nascondi le estensioni per i tipi di file conosciuti"


Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:

O4 - HKLM\..\Run: [fywb1.exe] C:\WINDOWS\TEMP\fywb1.exe
O20 - AppInit_DLLs:


Rifai girare quei due tool per la rimozione del L.O.
Usa questi due tool http://www.pc-facile.com/forum/viewtopic.php?t=49816

Il Prevx lo fai girare da Modalità Normale (ti chiederà poi di riavviare il pc)

Il Symantec deve essere fatto girare da Modalità Provvisoria (F8 al boot)

Torna in Modalità Normale


Riavvia in Modalità Provvisoria e poi rimuovi i file del Trojan Clicker:

Usa la ricerca di Windows e trova questi file: service32.exe, winsyst32.exe, syst32.dll, iexplore32.dll, spoolsv32.dll, cc1.txt, tuk.php, Sys.htm
(ricordati di attivare la ricerca nelle cartelle e nei file nascosti andando
in "Altre opzioni avanzate" e spuntando la voce
"Cerca nei file e nelle cartelle nascosti").



Se li trovi li cancelli

Posta di nuovo i log dei due tool più un nuovo log di HijackThis.
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi Smjert » 04/11/06 15:29

Pensavo avresti usato lo stesso topic ma ho visto che ne hai creato un'altro qua ...
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi Dennyar » 04/11/06 16:13

Si scusami solo che erano un po' di giorni che non ti vedevo sul forum e dato che mi stavi seguendo tu, non mi rispondeva nessun altro.
Grazie comunque!
Dennyar
Utente Junior
 
Post: 12
Iscritto il: 27/10/06 20:30


Torna a Sicurezza e Privacy


Topic correlati a "Iexplorer32.dll aiutatemi per favore":


Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti