
I have a problem

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by nicolas079 » 09/08/06 20:42

Hi everyone
Every time I start the PC I get a message saying it cannot find the file C:PROGRAM~1/MYWEBS~/BAR/7.BIN|MWSBAR.DLL. What should I do? I downloaded the program you recommend in these cases: HijackThis.
This is the result:

Logfile of HijackThis v1.99.1
Scan saved at 21.17.09, on 08/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Caere\PageKeepLite30\system\PKJobs.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Caere\PageKeepLite30\SYSTEM\PKTOPASS.EXE
C:\Programmi\Caere\PageKeepLite30\SYSTEM\PKSlapi.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {292ECE23-A2C4-1E12-8163-C83D9C7E20E7} - C:\WINDOWS\kmapy1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\7.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKLM\..\Run: [yqnc1.exe] C:\WINDOWS\Temp\yqnc1.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programmi\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Lavori di PageKeeper Lite.lnk = C:\Programmi\Caere\PageKeepLite30\system\PKJobs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BFE2D05-3B3B-4BBA-B9D1-12E7C49E9B2F}: NameServer = 85.37.17.14 85.38.28.78
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BFE2D05-3B3B-4BBA-B9D1-12E7C49E9B2F}: NameServer = 85.37.17.14 85.38.28.78
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\metlika\IMPOST~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SecAgu - Unknown owner - C:\:iFf.exe

I look forward to your reply, thanks
nicolas079
Newbie

Posts: 1
Joined: 09/08/06 20:21
Location: trieste


Post by Luke57 » 10/08/06 09:51

Hi, from the log it looks like a LinkOptimizer infection (so widespread in these sad times).

Do these checks:
Start > Run > control userpasswords2 > OK

The User Accounts window opens; check whether you have a suspicious account (besides the usual Administrators and User) with a random name, like GYZX or similar;

Start > Run > services.msc > OK; in the list of services, check whether there is one with a random name, where the "Log On As" column shows that "random name" instead of Local System or Network Service;

from My Computer > Control Panel > Add/Remove Programs, check whether you find the LinkOptimizer application; if so, do not try to remove it, it sends you to a foreign site of dubious legitimacy;

If you have these symptoms, also post a GMER log, from here:
http://www.gmer.net/gmer110.zip
QUOTE:
Unzip the program
Start it and go to the "Rootkit" tab
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and choose Paste
Now select the whole contents of Notepad and copy and paste it into the forum.

Also run a scan of the Autostart section and attach it together with the rootkit log.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by pompy » 20/08/06 15:38

Hello, sorry for showing up straight away with a request. I followed the instructions and searched the forum a bit, and it seems to me that my problem is identical to the one reported here.
I did all three checks and unfortunately all of them gave the result described: suspicious account, same name in the services list, LinkOptimizer and so on.
So I downloaded that little program and attach the result:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-20 16:35:56
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F86F6220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F86F6480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F86F65A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8AB585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F86F6220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F86F6480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86F65A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8AB585A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F86F6220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F86F6480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86F65A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8AB585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F86F6220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F86F6480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86F65A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8AB585A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F86F6220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F86F6480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F86F65A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F8AB585A] avgtdi.sys

If anyone could give me some advice I would be infinitely grateful.
pompy
Newbie

Posts: 8
Joined: 20/08/06 15:22

Post by Luke57 » 20/08/06 15:40

Hi, for completeness post a GMER log of the Autostart section and a HijackThis log from normal mode.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by pompy » 20/08/06 15:46

Here, these should be the ones. I'm pretty hopeless even though I use the PC every day:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-20 16:42:33
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3dsl@DLLName = lsd_f3.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
LogUdx /*LogUdx*/@ = "C:\Programmi\File comuni\System\GhIyoz.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SmcService /*Sygate Personal Firewall*/@ = C:\Programmi\Sygate\SPF\smc.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@SmappC:\Programmi\Analog Devices\SoundMAX\SMTray.exe = C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@zBrowser LauncherC:\Programmi\Logitech\iTouch\iTouch.exe = C:\Programmi\Logitech\iTouch\iTouch.exe
@Logitech UtilityLogi_MwX.Exe = Logi_MwX.Exe
@iTunesHelperC:\Programmi\iTunes\iTunesHelper.exe = C:\Programmi\iTunes\iTunesHelper.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@kpdo1.exeC:\WINDOWS\TEMP\kpdo1.exe /*file not found*/ = C:\WINDOWS\TEMP\kpdo1.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@BPS Security ConsoleC:\Programmi\BulletProofSoft.com\BPS Security Console\SecCon.exe /*file not found*/ = C:\Programmi\BulletProofSoft.com\BPS Security Console\SecCon.exe /*file not found*/
@BPSPopupShldC:\Programmi\BulletProofSoft.com\BPSPopupShield\BPSPopupShld.exe /*file not found*/ = C:\Programmi\BulletProofSoft.com\BPSPopupShield\BPSPopupShld.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{51917337-5113-4EC2-9CB6-C6212D0EF3E9} /*BPS Data Shredder Context Menu*/C:\Programmi\BulletProofSoft.com\BPS Data Shredder\CtxMenu.dll = C:\Programmi\BulletProofSoft.com\BPS Data Shredder\CtxMenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
BPS Data Shredder Context Menu@{51917337-5113-4EC2-9CB6-C6212D0EF3E9} = C:\Programmi\BulletProofSoft.com\BPS Data Shredder\CtxMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
BPS Data Shredder Context Menu@{51917337-5113-4EC2-9CB6-C6212D0EF3E9} = C:\Programmi\BulletProofSoft.com\BPS Data Shredder\CtxMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}C:\WINDOWS\hoxna1.dll = C:\WINDOWS\hoxna1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ig?hl=it = http://www.google.it/ig?hl=it
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
EPSON Status Monitor 3 Environment Check 2.lnk = EPSON Status Monitor 3 Environment Check 2.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----


Logfile of HijackThis v1.99.1
Scan saved at 16.45.12, on 20/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\Maurizio\IMPOST~1\Temp\Rar$EX00.312\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Maurizio\IMPOST~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} - C:\WINDOWS\hoxna1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [kpdo1.exe] C:\WINDOWS\TEMP\kpdo1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPS Security Console] C:\Programmi\BulletProofSoft.com\BPS Security Console\SecCon.exe
O4 - HKCU\..\Run: [BPSPopupShld] C:\Programmi\BulletProofSoft.com\BPSPopupShield\BPSPopupShld.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//habphfs//gpyokbi//sndfchn//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02af3c88641 ... 601_it.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.objectcube.com/dc5/aebn/file ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6063327640
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.dww.at/movies/Components/downloadcontrol.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{013309D7-A17A-46E2-98CA-5351CC4E8894}: NameServer = 194.74.65.69,62.6.40.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{013309D7-A17A-46E2-98CA-5351CC4E8894}: NameServer = 194.74.65.69,62.6.40.162
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
pompy
Newbie

Posts: 8
Joined: 20/08/06 15:22
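Taken together, the two HijackThis logs in this thread (nicolas079's above and pompy's just posted) contain the indicators that Luke57's diagnosis rests on: a binary started from a Temp directory, an unnamed BHO whose DLL sits directly in C:\WINDOWS, a Winlogon Notify entry whose DLL is gone, a service with no owner and an alternate-data-stream path (C:\:iFf.exe), and an O16 download chain through ms-its:mhtml. The following is an added example, not code from the thread or from HijackThis; it encodes those indicators as rules and runs them over lines excerpted from the two logs (the Acrobat, ClamWin, igfxcui and Sygate lines are kept as benign controls). The rule names, the regexes and the 4-to-8-character "random name" threshold are this example's own choices.

```python
"""Triage rules for HijackThis 1.99 log lines.

Added example for this thread; not part of the original posts and not
HijackThis's own code. Rule names and regexes are this example's choices.
"""
import re

# Paths such as C:\WINDOWS\Temp\x.exe or C:\DOCUME~1\...\Temp\x.exe.
TEMP_PATH = re.compile(r"\\temp\\", re.IGNORECASE)
# A short random-name DLL dropped straight into %SystemRoot%, not a subfolder.
ROOT_WINDOWS_DLL = re.compile(r"C:\\WINDOWS\\[A-Za-z0-9]{4,8}\.dll", re.IGNORECASE)
# "C:\:name.exe" names an alternate data stream attached to the root directory.
ADS_ROOT = re.compile(r"[A-Z]:\\:[^\\\s]+", re.IGNORECASE)
MSITS_MHTML = re.compile(r"ms-its:mhtml:", re.IGNORECASE)

ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# Lines excerpted from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {292ECE23-A2C4-1E12-8163-C83D9C7E20E7} - C:\WINDOWS\kmapy1.dll (file missing)
O2 - BHO: Class - {DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} - C:\WINDOWS\hoxna1.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [yqnc1.exe] C:\WINDOWS\Temp\yqnc1.exe
O4 - HKLM\..\Run: [kpdo1.exe] C:\WINDOWS\TEMP\kpdo1.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//habphfs//gpyokbi//sndfchn//irkqpg//IT//arct.chm::/painter.exe
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SecAgu - Unknown owner - C:\:iFf.exe
"""


def parse_entry(line):
    """Split an HJT entry into (section, rest); None for headers and process lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def classify(line):
    """Return the name of the first rule the line trips, or None if it looks benign."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, rest = parsed
    if section == "O4" and TEMP_PATH.search(rest):
        return "run-from-temp"
    if section == "O2":
        if "(file missing)" in rest:
            return "bho-dead-entry"  # leftover of a removed loader; still worth fixing
        if rest.startswith("BHO: Class -") and ROOT_WINDOWS_DLL.search(rest):
            return "bho-unnamed-root-dll"
    if section == "O16" and MSITS_MHTML.search(rest):
        return "dpf-msits-mhtml"
    if section == "O20" and "(file missing)" in rest:
        return "winlogon-notify-missing"
    if section == "O23" and ("Unknown owner" in rest or ADS_ROOT.search(rest)):
        return "service-unknown-owner-or-ads"
    return None


def triage(log_text):
    """Return [(rule, line), ...] for every suspicious entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        rule = classify(line)
        if rule:
            findings.append((rule, line.strip()))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

Running it on the excerpt flags seven of the eleven lines and none of the four controls. The rules are deliberately narrow (a BHO is only flagged when it has no class name and its DLL sits in the Windows root), because HijackThis logs are full of legitimate third-party entries and a noisy triage is what leads people to "fix" things like the Sygate or AVG lines.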

Post by Luke57 » 20/08/06 16:20

Hi, try this procedure:


Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

with this little program you can uninstall LinkOptimizer if it is present on your computer (it is impossible to do it from Control Panel > Add/Remove Programs)

Open the program (click myuninst.exe, wait for the installed applications to be listed, highlight LinkOptimizer, right-click and choose Delete);

1) Start > Run > control userpasswords2 (type it in the white box) > OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual Administrators and User, Aspnet), like XYZFG. Note down the account name and delete it (right-click and choose Delete);

2) Make hidden files and folders visible:

from My Computer > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Press OK

Go to C:\Documents and Settings, you should find a folder with the same name as that account; delete it as well

Empty the Recycle Bin


4) download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}


Files to delete:
C:\Programmi\File comuni\System\GhIyoz.exe
C:\WINDOWS\hoxna1.dll


Folders to delete:
C:\Windows\Temp


Click the Done button
Double-click the green traffic light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually


Post the Avenger log (C:\avenger.txt) with the result of the script (it will appear when the computer restarts)



5) Check whether in C:\Programmi\File comuni\System there are other .exe files shown in green; if so, do this:

Start > Run > cmd (type it in the box) > OK
When the command prompt opens, type
cd C:\Programmi\File comuni\System ----- press Enter
dir > c:\files.txt ----- press Enter

In C:\ you will find files.txt; copy its text and paste it into a post.



6) Also, with HijackThis, press "Do a system scan only", find and tick the following entries (if they are still there):
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [kpdo1.exe] C:\WINDOWS\TEMP\kpdo1.exe
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)

Press "Fix checked"
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by pompy » 20/08/06 17:00

Hi, I followed you step by step.
Here is the Avenger log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mwivgjhq

*******************

Script file located at: \??\C:\WINDOWS\System32\ckyhevhu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}
Status: 0xc0000034

File C:\Programmi\File comuni\System\GhIyoz.exe deleted successfully.
File C:\WINDOWS\hoxna1.dll deleted successfully.
Folder C:\Windows\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Forse non ho capito bene come fare l'operazione 5.
Io scrivo le cose in neretto nel prompt dei comandi: la prima e premo invio, la seconda e premo invio, ma da lì in avanti non so che fare.
pompy
Newbie
Posts: 8
Joined: 20/08/06 15:22
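The Avenger log above shows why the first registry entry failed: three registry keys were pasted onto one script line, so Avenger tried to delete a single key whose name was that whole string and reported Status 0xc0000034, which is the standard NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND. As an added example, not code from the thread or from Avenger itself, here is a Python parser that summarises an Avenger log (what was removed, what failed and why) and flags that mistake; the sample log is constructed from the one pompy posted.

```python
import re

# Constructed sample, modelled on the Avenger log pompy posted above
SAMPLE_AVENGER_LOG = r"""
Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe
Status: 0xc0000034

File C:\Programmi\File comuni\System\GhIyoz.exe deleted successfully.
File C:\WINDOWS\hoxna1.dll deleted successfully.
Folder C:\Windows\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.
"""

# Standard Windows NTSTATUS values Avenger reports after a failed line
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}

SUCCESS = re.compile(
    r"^(File|Folder|Registry key|Registry value) (.+?) (?:deleted|replaced with dummy) successfully\.$")
STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")
COULD_NOT = "Could not process line:"


def parse_avenger_log(text):
    """Summarise an Avenger log: what was removed, what failed and why, and script mistakes."""
    result = {"ok": [], "failed": [], "warnings": []}
    lines = [l.strip() for l in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        m = SUCCESS.match(line)
        if m:
            result["ok"].append((m.group(1), m.group(2)))
        elif line == COULD_NOT:
            # Avenger prints the offending script line, then a Status line
            target = lines[i + 1] if i + 1 < len(lines) else ""
            sm = STATUS.match(lines[i + 2]) if i + 2 < len(lines) else None
            code = int(sm.group(1), 16) if sm else None
            result["failed"].append((target, code, NTSTATUS.get(code, "unknown NTSTATUS")))
            # Each Avenger script line holds exactly one entry: two HKLM\ roots on
            # one line mean several keys were pasted together
            if target.count("HKLM\\") > 1:
                result["warnings"].append(
                    "several registry keys on one script line (Avenger expects one per line): " + target)
            i += 2
        i += 1
    return result


if __name__ == "__main__":
    summary = parse_avenger_log(SAMPLE_AVENGER_LOG)
    for kind, what in summary["ok"]:
        print(f"OK      {kind}: {what}")
    for target, code, meaning in summary["failed"]:
        status = f"{code:#010x}" if code is not None else "n/a"
        print(f"FAILED  {target}\n        status {status} {meaning}")
    for w in summary["warnings"]:
        print("WARNING", w)
```

The warning is the useful part: a "not found" on a registry key is easy to misread as "already gone", whereas here the key was never looked up under its real name at all, which is why Luke57's later script lists it on a line of its own.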

Post by Luke57 » 20/08/06 17:08

Hi, close the prompt; in C you'll find files.txt, copy its text and paste it into a post.

Post by pompy » 20/08/06 17:17

Hi, is it this?

Il volume nell'unità C è DSK1_VOL1
Numero di serie del volume: 72FD-73A0

Directory di C:\Programmi\File comuni\System

20/08/2006 17.49 <DIR> .
20/08/2006 17.49 <DIR> ..
07/10/2004 22.44 <DIR> ado
20/08/2006 10.40 141.824 dEX.exe
31/08/2001 14.00 76.288 directdb.dll
13/08/2006 20.24 116.224 Dsh.exe
08/08/2006 00.31 112.128 joJ.exe
07/10/2004 23.08 <DIR> Mapi
07/10/2004 22.44 <DIR> msadc
12/08/2006 21.14 148.480 nri.exe
07/10/2004 23.09 <DIR> Ole DB
16/08/2006 13.34 105.984 sCTyH.exe
20/08/2006 07.39 159.744 vSR.exe
09/09/2002 13.51 459.776 wab32.dll
09/09/2002 13.48 254.464 wab32res.dll
19/08/2006 21.30 112.128 WkeIh.exe
17/08/2006 10.51 73.728 zEXutx.exe
12/08/2006 13.14 166.400 zPz.exe
12 File 1.927.168 byte
6 Directory 64.047.816.704 byte disponibili

Post by Luke57 » 20/08/06 17:41

Hi, with Avenger copy and paste:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\Programmi\File Comuni\System\dEX.exe
C:\Programmi\File Comuni\System\Dsh.exe
C:\Programmi\File Comuni\System\joJ.exe
C:\Programmi\File Comuni\System\nri.exe
C:\Programmi\File Comuni\System\sCTyH.exe
C:\Programmi\File Comuni\System\vSR.exe
C:\Programmi\File Comuni\System\WkeIh.exe
C:\Programmi\File Comuni\System\zEXutx.exe
C:\Programmi\File Comuni\System\zPz.exe



Then run the same deletion procedure, with a reboot of the computer.
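Luke57's file list above is exactly the set of .exe files in the dir listing pompy posted whose modification dates fall in the infection window (August 2006); the older DLLs are left alone. As an added example, not code from the thread, from Avenger or from Windows, this Python function derives such a shortlist from an Italian-locale dir listing and renders it as an Avenger "Files to delete:" block. The listing and the cutoff date are constructed from this thread, and the output is a shortlist for human review: a date filter alone cannot tell a dropped binary from a legitimately updated one.

```python
import re
from datetime import date, datetime

# Constructed sample: the Italian-locale `dir` output pompy posted above
SAMPLE_LISTING = r"""
 Il volume nell'unità C è DSK1_VOL1
 Numero di serie del volume: 72FD-73A0

 Directory di C:\Programmi\File comuni\System

20/08/2006 17.49 <DIR> .
20/08/2006 17.49 <DIR> ..
07/10/2004 22.44 <DIR> ado
20/08/2006 10.40 141.824 dEX.exe
31/08/2001 14.00 76.288 directdb.dll
13/08/2006 20.24 116.224 Dsh.exe
08/08/2006 00.31 112.128 joJ.exe
07/10/2004 23.08 <DIR> Mapi
12/08/2006 21.14 148.480 nri.exe
16/08/2006 13.34 105.984 sCTyH.exe
20/08/2006 07.39 159.744 vSR.exe
09/09/2002 13.51 459.776 wab32.dll
09/09/2002 13.48 254.464 wab32res.dll
19/08/2006 21.30 112.128 WkeIh.exe
17/08/2006 10.51 73.728 zEXutx.exe
12/08/2006 13.14 166.400 zPz.exe
12 File 1.927.168 byte
6 Directory 64.047.816.704 byte disponibili
"""

DIR_HEADER = re.compile(r"^Directory (?:di|of) (.+)$")
# date, time (the Italian locale writes 17.49 for 17:49), <DIR> or a size with
# thousands separators, then the name
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4}) +\d{2}[.:]\d{2} +(<DIR>|[\d.,]+) +(.+)$")


def recent_executables(listing, since_iso):
    """Full paths of *.exe entries in a dir listing modified on or after since_iso (YYYY-MM-DD)."""
    since = date.fromisoformat(since_iso)
    directory = None
    hits = []
    for raw in listing.splitlines():
        line = raw.strip()
        h = DIR_HEADER.match(line)
        if h:
            directory = h.group(1).rstrip("\\")
            continue
        m = ENTRY.match(line)
        if not m or m.group(2) == "<DIR>" or directory is None:
            continue
        modified = datetime.strptime(m.group(1), "%d/%m/%Y").date()
        name = m.group(3).strip()
        if name.lower().endswith(".exe") and modified >= since:
            hits.append(directory + "\\" + name)
    return hits


def avenger_files_block(paths):
    """Render the paths as the 'Files to delete:' section of an Avenger script, one per line."""
    return "Files to delete:\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    # Constructed cutoff: the infection window in this thread starts in August 2006
    shortlist = recent_executables(SAMPLE_LISTING, "2006-08-01")
    print(avenger_files_block(shortlist))
```

The one-path-per-line rendering matters for the same reason as in the registry case earlier in the thread: Avenger treats each script line as a single entry, so a list that is joined with spaces would fail with a not-found status instead of deleting anything.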

Post by pompy » 20/08/06 18:00

Done, I'm pasting what appeared in Avenger's notepad window:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jsjrcbgr

*******************

Script file located at: \??\C:\Documents and Settings\togkgfcy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}
Status: 0xc0000034



File C:\Programmi\File comuni\System\GhIyoz.exe not found!
Deletion of file C:\Programmi\File comuni\System\GhIyoz.exe failed!

Could not process line:
C:\Programmi\File comuni\System\GhIyoz.exe
Status: 0xc0000034



File C:\WINDOWS\hoxna1.dll not found!
Deletion of file C:\WINDOWS\hoxna1.dll failed!

Could not process line:
C:\WINDOWS\hoxna1.dll
Status: 0xc0000034

Folder C:\Windows\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

I also want to tell you another thing. In Add/Remove Programs there is still the Link Optimizer entry, even though no size is shown on the right. Is that normal?
Many thanks for all the effort you're putting in.

Post by Luke57 » 20/08/06 19:11

Hi, use this:
Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

With this little program you can uninstall LinkOptimizer if it is present on your computer (it cannot be done from Control Panel, Add/Remove Programs).

Open the program (click on myuninst.exe, wait for the installed applications to be listed, highlight Linkoptimizer, right-click and choose Delected).

Post by pompy » 20/08/06 21:50

Hi, I'm here again. I'm afraid I still haven't removed everything.
Link optimizer is gone, but in C:\programmi\file comuni\system there is still a lot of green stuff.
I tried redoing the procedure you suggested, but when I type this in the prompt: Cd C:\Programmi\file comuni\system----- and press Enter, it tells me the specified program cannot be found.
Also, in Services that random name is still present.

Post by Luke57 » 21/08/06 08:06

Hi, sorry, maybe you didn't see my message:

Run avenger.exe again
Select the "Input Script Manually" option
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx


Files to delete:
C:\Programmi\File Comuni\System\dEX.exe
C:\Programmi\File Comuni\System\Dsh.exe
C:\Programmi\File Comuni\System\joJ.exe
C:\Programmi\File Comuni\System\nri.exe
C:\Programmi\File Comuni\System\sCTyH.exe
C:\Programmi\File Comuni\System\vSR.exe
C:\Programmi\File Comuni\System\WkeIh.exe
C:\Programmi\File Comuni\System\zEXutx.exe
C:\Programmi\File Comuni\System\zPz.exe



Click the Done button
Click twice on the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

Post the Avenger log (C:/avenger.txt) with the script's outcome (it will appear when the computer restarts)

Post by pompy » 21/08/06 10:11

Hi, done. Here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lrekevdy

*******************

Script file located at: \??\C:\WINDOWS\System32\mwxryqmv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx deleted successfully.
File C:\Programmi\File Comuni\System\dEX.exe deleted successfully.
File C:\Programmi\File Comuni\System\Dsh.exe deleted successfully.
File C:\Programmi\File Comuni\System\joJ.exe deleted successfully.
File C:\Programmi\File Comuni\System\nri.exe deleted successfully.
File C:\Programmi\File Comuni\System\sCTyH.exe deleted successfully.
File C:\Programmi\File Comuni\System\vSR.exe deleted successfully.
File C:\Programmi\File Comuni\System\WkeIh.exe deleted successfully.
File C:\Programmi\File Comuni\System\zEXutx.exe deleted successfully.
File C:\Programmi\File Comuni\System\zPz.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by Luke57 » 21/08/06 10:14

Hi, the files have all been deleted.

Post by pompy » 21/08/06 10:30

Hi Luke, fantastic! Everything is gone.
Thank you, really, infinitely.
I hope to return the favour somehow, even if I don't know how.
Thanks again.

Please help me too, I also made a mistake...

Post by LuckyLuke6 » 26/08/06 12:35

Hi Luke, I'm a new member and, reading this topic, I found the same problem I have; I really hope you can help me, I'd be eternally grateful!!!
I preferred not to open yet another topic, but I hope my problem gets the same visibility.

I had the same problems as the others.

I did everything as indicated:
-uninstalled linkoptimizer via MyUninstaller
-removed the user with the strange name
-deleted the folder with a name similar to that user's
and downloaded avenger.

Then I realised I'd done something stupid. Thinking the problem was the same for everyone, and without reading the later posts, I entered the same instructions you had given to another user, namely the following:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}


Files to delete:
C:\Programmi\File comuni\System\GhIyoz.exe
C:\WINDOWS\hoxna1.dll


Folders to delete:
C:\Windows\Temp


I hope I haven't messed anything up or deleted something :cry:
Anyway, now there are no exe files in file comuni\system, but doing
start>run>services.msc>OK, in the list of services that strange name is still there in the Log On As (Connessione) column.
Also, I'm sure that by entering the instructions for another user's PC I haven't solved the problem, so I'm attaching all my reports and I ask you, should it be necessary, for a way to repair the effects (deletion of important files??) of the wrong instructions I gave avenger earlier.


with HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 13.07.35, on 26/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
C:\Programmi\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
C:\Programmi\Office keyboard utility\1.1\nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\PROGRAMMI\VEXPLITE\viritsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Fuiano\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/aas/hp?L=it
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [wwep1.exe] C:\WINDOWS\TEMP\wwep1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: WLAN Monitor Utility.lnk = ?
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6330284062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304588D-0746-4905-98B7-DB92CF7ECC9A}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0304588D-0746-4905-98B7-DB92CF7ECC9A}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0304588D-0746-4905-98B7-DB92CF7ECC9A}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\PROGRAMMI\VEXPLITE\viritsvc.exe
O23 - Service: XQQ - Unknown owner - C:\Programmi\yfNhiFyAD.exe

and with gmer:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-26 13:34:55
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT 859054A8 ZwConnectPort
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862FC038
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862FC038
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 862FC038
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE_NAMED_PIPE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CLOSEIRP_MJ_READ 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_WRITE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_EA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_FLUSH_BUFFERS 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_VOLUME_INFORMATION 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DIRECTORY_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_FILE_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_INTERNAL_DEVICE_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SHUTDOWN 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_LOCK_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CLEANUP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE_MAILSLOT 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_SECURITY 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_POWER 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SYSTEM_CONTROL 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DEVICE_CHANGE 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_QUOTA 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_PNP 8651C3B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_PNP_POWER 8651C3B0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 862FC038
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 862FC038
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CREATE [F7974220] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CLOSEIRP_MJ_READ [F7974480] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F79745A0] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_SHUTDOWN [F79745D0] wpsdrvnt.sys
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_WRITE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_EA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_PNP_POWER 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSEIRP_MJ_READ 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 862CFE80
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP_POWER 862CFE80

---- Modules - GMER 1.0.10 ----

Module _________ F779A000

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE565
LuckyLuke6
Junior Member
 
Posts: 13
Joined: 26/08/06 11:43

Post by LuckyLuke6 » 26/08/06 12:38

wait, it continues... :lol:
LuckyLuke6
Junior Member
 
Posts: 13
Joined: 26/08/06 11:43

Post by LuckyLuke6 » 26/08/06 12:40

I'm resuming from this point, already started in the previous post....

---- Modules - GMER 1.0.10 ----

Module _________ F779A000

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{C6B38BEE-CD6E-4C47-9037-1249737597F8}
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{C6B38BEE-CD6E-4C47-9037-1249737597F8}

---- EOF - GMER 1.0.10 ----


and for completeness, in case it may be useful for helping me correct any errors, I'm also including the Avenger .txt file from after the computer restarted

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lrgjfjcc

*******************

Script file located at: \??\C:\WINDOWS\ioebisyk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7} failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\LogUdx HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kpdo1.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA3D40C-CA66-8CB2-BDA5-86B52EF6F1E7}
Status: 0xc0000034



File C:\Programmi\File comuni\System\GhIyoz.exe not found!
Deletion of file C:\Programmi\File comuni\System\GhIyoz.exe failed!

Could not process line:
C:\Programmi\File comuni\System\GhIyoz.exe
Status: 0xc0000034



File C:\WINDOWS\hoxna1.dll not found!
Deletion of file C:\WINDOWS\hoxna1.dll failed!

Could not process line:
C:\WINDOWS\hoxna1.dll
Status: 0xc0000034

Folder C:\Windows\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

oh, one last thing, also important. Would you be so kind (only if you have time and after solving this problem) as to tell me whether this could also be the cause of the sudden shutdowns of the computer and of the Service Control Manager error (id 7000) that I find every time in the system event log?

THANK YOU VERY MUCH IN ADVANCE, LUCKILY THERE ARE PEOPLE LIKE YOU WHO HELP CLUELESS PEOPLE LIKE US (sorry for the caps, the thanks were due!!!)
Sorry also for the bold, I used it to distinguish the reports from my own sentences ;)
LuckyLuke6
Junior Member
 
Posts: 13
Joined: 26/08/06 11:43
