Condividi:        

Connessione ADSL instabile. Aiutatemi a stanare...

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Connessione ADSL instabile. Aiutatemi a stanare...

Postdi Palestinese » 27/08/06 15:03

La connessione ogni tanto salta, rendendomi impossibile fra l'altro, l'uso di eMule. Non sto qui a raccontare quando salta, troviamo direttamente il colpevole e distruggiamolo... :diavolo:
Avast ed Ad Aware non rilevano nulla di anomalo.

Questo è il log di HJT
Logfile of HijackThis v1.99.1
Scan saved at 12.43.08, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\rpen3.exe
C:\WINDOWS\System32:rgnhn.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rpen3.exe] C:\WINDOWS\Temp\rpen3.exe
O4 - HKLM\..\Run: [rgnhn.exe] C:\WINDOWS\System32:rgnhn.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht1_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://opalestinese.spaces.msn.com//Pho ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B33A9E0-66B2-42B7-804F-4760C3A4B30F}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Mentre il bitdefender...

BitDefender Online Scanner



Scan report generated at: Sun, Aug 27, 2006 - 13:54:00

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;


Statistics

Time
01:08:54

Files
521047

Folders
4164

Boot Sectors
3

Archives
5228

Packed Files
60487




Results

Identified Viruses
2

Infected Files
3

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
3




Engines Info

Virus Definitions
450977

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
39

Unpack plugins
5

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\Mario\Impostazioni locali\Temporary Internet Files\Content.IE5\2QAPT1WU\apri[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen

C:\Documents and Settings\Mario\Impostazioni locali\Temporary Internet Files\Content.IE5\2QAPT1WU\apri[1].htm
Disinfection failed

C:\Documents and Settings\Mario\Impostazioni locali\Temporary Internet Files\Content.IE5\2QAPT1WU\apri[1].htm
Deleted

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP118\A0162091.dll
Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP118\A0162091.dll
Disinfection failed

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP118\A0162091.dll
Deleted

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP119\A0162187.dll
Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP119\A0162187.dll
Disinfection failed

C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}\RP119\A0162187.dll
Deleted

Fateme sapè
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Sponsor
 

Sempre io...

Postdi Palestinese » 28/08/06 16:31

Non mi abbandonate...
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Postdi Luke57 » 28/08/06 17:26

Ciao, apri hijackthis, premi "open the misc tools section", "open process manager", cerca ed evidenzia questi processi:
C:\WINDOWS\Temp\rpen3.exe
C:\WINDOWS\System32:rgnhn.exe
premi kill process.
Torna alla pagina principale del programma con back, premi "Scan", cerca e spunta:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [rpen3.exe] C:\WINDOWS\Temp\rpen3.exe
O4 - HKLM\..\Run: [rgnhn.exe] C:\WINDOWS\System32:rgnhn.exe
premi fix checked.
Riapri hiajckthis, premi "open the misc tools section", "open ADS spy...". nella pagina successiva levi la spunta a "Quick scan", premi scan. Se al termine della scansione ti rileva questo:
C:\WINDOWS\System32:rgnhn.exe
lo evidenzi e premi Remove selected.

riparti in modalità provvisoria:
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

Elimina tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)

sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)

svuota il cestino.

Da pannello di controllo, installazioni\applicazioni, elimina i programmi sospetti non installati da te, ad eccezione di LinkOptimizer (se è presente comunicacelo e basta)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Palestinese » 28/08/06 22:52

Killato i processi, e fixate le righe indicate, siamo passati a Open ADS Spy... e qui nascono i problemi.
Dallo scanning, infatti, viene fuori:

C:\WINDOWS\system32 : rgnhn.exe (5221 bytes)
C:\WINDOWS\system32 : wpaa.dll (8192 bytes)
C:\WINDOWS\system32 : rgnhn.exe (5221 bytes)
C:\WINDOWS\system32 : wpaa.dll (8192 bytes)

Ma se provo a rimuoverne uno solo o tutti mi esce un alert:

"The following ADS streams could not be deleted. They may be locked by another program". Comunque l'ho riavviato in modalità provvisoria; ho fatto tutte le pulizie che mi hai indicato; ho verificato che ho il LinkOptimizer e ho visto in rete di cosa si tratta...
Cacchio... Sono un pò preoccupato...


PS... Scusa webmaster ho clikkato nuovo topic due volte in software windows... sorry!

Ecco il nuovo HJT

Logfile of HijackThis v1.99.1
Scan saved at 23.17.20, on 28/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\SONYER~1\MOBILE~1\DbgOut.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht1_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://opalestinese.spaces.msn.com//Pho ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6781738572
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

aiutooooooooooo

Postdi Palestinese » 30/08/06 18:20

Vi prego aiutatemi. Dopo una faticosa procedura manuale (diversi sfare scaricati e alla fine ho dovuto cancellare il rootkit da dos con l’Avenger!) trovata in rete Linkoptimizer non compare più ma… dopo un po’ che mi connetto si riblocca tutto…Non si aprono nuove finestre, e si blocca ciò che ho aperto, Ctrl+Alt+Canc non viene nemmeno preso in considerazione dal PC che… devo resettare di forza e, come ora, devo ripristinare la configurazione precedente per scrivervi dalla modalità provvisoria!!!!!!! Ciò capita perfino se non mi connetto. Immaginate la difficoltà di fare una scansione on line… Ogni volta che finisce devo resettare il PC!!!
Ho rifatto la Scansione di Bitdefender e… Tutto OK.

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 13.02.57, on 30/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\SONYER~1\MOBILE~1\DbgOut.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht1_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://opalestinese.spaces.msn.com//Pho ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6781738572
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: HMY - Unknown owner - C:\DOCUME~1\Antonio\IMPOST~1\Temp\HMY.exe (file missing)
O23 - Service: JJCGOMKM - Unknown owner - C:\DOCUME~1\Antonio\IMPOST~1\Temp\JJCGOMKM.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

L’ADS-Spy non dà risultati.

VirIt nemmeno.
L’Ad-Aware :
Ad-Aware SE Build 1.06r1
Logfile Created on:mercoledì 30 agosto 2006 13.25.07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R119 15.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


30-08-2006 13.25.07 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Antonio\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1343024091-839522115-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 640
ThreadCreationTime : 30-08-2006 11.18.33
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 896
ThreadCreationTime : 30-08-2006 11.18.40
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 30-08-2006 11.18.41
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 30-08-2006 11.18.41
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 30-08-2006 11.18.42
BasePriority : Normal


#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 30-08-2006 11.18.43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 30-08-2006 11.18.43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1768
ThreadCreationTime : 30-08-2006 11.18.45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 30-08-2006 11.18.51
BasePriority : Normal


#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 284
ThreadCreationTime : 30-08-2006 11.18.52
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:11 [btntservice.exe]
FilePath : C:\Programmi\IVT Corporation\BlueSoleil\
ProcessID : 528
ThreadCreationTime : 30-08-2006 11.18.52
BasePriority : High


#:12 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 30-08-2006 11.18.55
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:13 [smagent.exe]
FilePath : C:\Programmi\Analog Devices\SoundMAX\
ProcessID : 360
ThreadCreationTime : 30-08-2006 11.18.56
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:14 [drgtodsc.exe]
FilePath : C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\
ProcessID : 860
ThreadCreationTime : 30-08-2006 11.18.58
BasePriority : Normal
FileVersion : 6.0.0.209
ProductVersion : 6.0.0.209
ProductName : Drag-to-Disc
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright (c) 1999-2003 Roxio, Inc.
LegalTrademarks : Copyright (c) 1999-2003 Roxio, Inc.
OriginalFilename : BurnCtrl.EXE

#:15 [rxmon.exe]
FilePath : C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\
ProcessID : 388
ThreadCreationTime : 30-08-2006 11.18.58
BasePriority : Normal


#:16 [msgplus.exe]
FilePath : C:\Programmi\MessengerPlus! 3\
ProcessID : 864
ThreadCreationTime : 30-08-2006 11.18.59
BasePriority : Normal


#:17 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 30-08-2006 11.18.59
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Modulo di esecuzione DLL come applicazioni
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : RUNDLL.EXE

#:18 [monlite.exe]
FilePath : C:\VEXPLITE\
ProcessID : 1004
ThreadCreationTime : 30-08-2006 11.18.59
BasePriority : Normal
FileVersion : 5.1
ProductVersion : 5, 1, 0, 1
ProductName : VirIT eXplorer Antivirus
CompanyName : TG Soft S.a.s.
FileDescription : Monitor dei processi VirIT Security Monitor
InternalName : MONITOR
LegalCopyright : Copyright © 1997, 2004
OriginalFilename : MONITOR.exe

#:19 [starwindservice.exe]
FilePath : C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\
ProcessID : 1200
ThreadCreationTime : 30-08-2006 11.19.00
BasePriority : Normal
FileVersion : 2.6.1 Build 0x20050401
ProductVersion : 2.6.1 Build 0x20050401
ProductName : StarWind
CompanyName : Rocket Division Software
FileDescription : StarWind iSCSI Target (Alcohol Edition)
InternalName : StarWind
LegalCopyright : Copyright (c) Rocket Division Software 2003-2005. All rights reserved.
OriginalFilename : StarWind

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 30-08-2006 11.19.02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [winword.exe]
FilePath : C:\Programmi\Microsoft Office\OFFICE11\
ProcessID : 1356
ThreadCreationTime : 30-08-2006 11.19.03
BasePriority : Normal


#:22 [viritsvc.exe]
FilePath : C:\VEXPLITE\
ProcessID : 1372
ThreadCreationTime : 30-08-2006 11.19.03
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : TG Soft viritsvc
CompanyName : TG Soft Sas http://www.tgsoft.it
FileDescription : VirIT eXplorer Service
InternalName : viritsvc
LegalCopyright : Copyright © 2006
OriginalFilename : viritsvc.exe
Comments : VirIT eXplorer Service - http://www.tgsoft.it

#:23 [playlist.exe]
FilePath : C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\
ProcessID : 1728
ThreadCreationTime : 30-08-2006 11.19.17
BasePriority : Normal


#:24 [mpbtn.exe]
FilePath : C:\Programmi\Alice ti aiuta\bin\
ProcessID : 1096
ThreadCreationTime : 30-08-2006 11.19.18
BasePriority : Normal


#:25 [viritexp.exe]
FilePath : C:\VEXPLITE\
ProcessID : 1456
ThreadCreationTime : 30-08-2006 11.20.04
BasePriority : Normal
FileVersion : 5, 2, 0, 0
ProductVersion : 5, 2, 0, 0
ProductName : VirIT eXplorer Antivirus
CompanyName : TG Soft S.a.s.
FileDescription : VirIT eXplorer Antivirus for Windows
InternalName : Viritexp
LegalCopyright : Copyright © 1998, 2005
LegalTrademarks : TG Soft S.a.s.
OriginalFilename : viritexp.exe

#:26 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2120
ThreadCreationTime : 30-08-2006 11.22.42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE

#:27 [hijackthis.exe]
FilePath : C:\HJT\
ProcessID : 2180
ThreadCreationTime : 30-08-2006 11.23.51
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:28 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2248
ThreadCreationTime : 30-08-2006 11.24.48
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : antonio@studenti.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:antonio@studenti.adbureau.net/
Expires : 01-03-2007 2.00.00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : antonio@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:antonio@atdmt.com/
Expires : 28-08-2011 2.00.00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : antonio@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:antonio@bluestreak.com/
Expires : 26-08-2016 11.37.28
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : antonio@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:antonio@mediaplex.com/
Expires : 22-06-2009 2.00.00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 19



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : antonio@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Antonio\Impostazioni locali\Temp\Cookies\antonio@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mario@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mario\Cookies\mario@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mario@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mario\Cookies\mario@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mario@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mario\Cookies\mario@mediaplex[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

13.34.11 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.09.03.265
Objects scanned:136338
Objects identified:8
Objects ignored:0
New critical objects:8

Si BLOCCA anche all'avvio...

Webmaster non mi odiare... ho postato di nuovo in sfw windows....
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Nessuna risposta?

Postdi Palestinese » 31/08/06 13:53

Vi prego rispondetemi... anche per dirmi: Niente da fare!
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Postdi Luke57 » 31/08/06 14:44

Ciao, scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

fatto...

Postdi Palestinese » 01/09/06 09:32

Questo è il risultato del Rootkit...

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-01 10:28:07
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey

---- Modules - GMER 1.0.10 ----

Module _________ F846A000

---- EOF - GMER 1.0.10 ----


Questo quello dell'autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-01 10:29:01
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
BlueSoleil Hid Service /*BlueSoleil Hid Service*/@ = C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
SLService /*SmartLinkService*/@ = slserv.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@RoxioEngineUtility"C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" = "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
@RoxioDragToDisc"C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" = "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
@RoxioAudioCentral"C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" = "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{5E44E225-A408-11CF-B581-008029601108} /*Roxio DragToDisc Shell Extension*/C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll = C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll
@{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} /*My Media*/C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll = C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\SYSTEM32\blank.htm = C:\WINDOWS\SYSTEM32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://edit.europe.yahoo.com/config/mail?.intl=it = http://edit.europe.yahoo.com/config/mail?.intl=it
@Local PageC:\WINDOWS\SYSTEM32\blank.htm = C:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Alice ti aiuta.lnk

---- EOF - GMER 1.0.10 ----

Attendo le tue istruzioni
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Forse il rootkit è questo

Postdi Palestinese » 01/09/06 14:52

Temo di non aver clikkato scan...

E'questo il log rootkit...eh?

Ma sono 79 pagine di word!!! Come te le mando???!!!
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-01 15:50:26
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8231E9E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8231E9E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 8231E9E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSEIRP_MJ_READ 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81F3D758
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81F3D758
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSEIRP_MJ_READ 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 81F3D758
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP_POWER 81F3D758
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8231E9E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 8231E9E8
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSEIRP_MJ_READ 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP_POWER 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_WRITE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_EA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_POWER 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_PNP 81EA4C70
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 81EA4C70

---- Modules - GMER 1.0.10 ----

Module _________ F846A000

---- Files - GMER 1.0.10 ----

File C:\Documents and Settings\Microsoft\Application Data
File C:\Documents and Settings\Microsoft\Application Data\Microsoft
File C:\Documents and Settings\Microsoft\Application Data\Microsoft\Forms
File C:\Documents and Settings\Microsoft\Application Data\Microsoft\Forms\RefEdit.exd
File C:\Documents and Settings\Microsoft\Cookies
File C:\Documents and Settings\Microsoft\Cookies\index.dat
File C:\Documents and Settings\Microsoft\Cookies\microsoft@66.240.143[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@adv.virgilio[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@advip.virgilio[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@alibaba[2].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@google[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@microsoft[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@msn[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@msn[2].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@sea.search.msn[2].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@search.msn[1].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@www.msn[2].txt
File C:\Documents and Settings\Microsoft\Cookies\microsoft@yahoo[1].txt
File C:\Documents and Settings\Microsoft\Dati applicazioni
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\AcroForm
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\AcroForm\MRUFormsList
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\AdobeComFnt06.lst
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Collab
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Collab\OfflineDocs
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Collab\Reviews
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\eBook
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Preferences
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Preferences\AutoFillDefaults.dat
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Preferences\defaultHeuristics.dat
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\TMGrpPrm.sav
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Updater
File C:\Documents and Settings\Microsoft\Dati applicazioni\Adobe\Acrobat\6.0\Updater\udstore.js
File C:\Documents and Settings\Microsoft\Dati applicazioni\AdobeUM
File C:\Documents and Settings\Microsoft\Dati applicazioni\desktop.ini
File C:\Documents and Settings\Microsoft\Dati applicazioni\Identities
File C:\Documents and Settings\Microsoft\Dati applicazioni\Identities\{04E70ABA-E89A-456C-BAB7-F929E94E782B}
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player\#SharedObjects
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\38MHJWBB
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player\macromedia.com
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support
File C:\Documents and Settings\Microsoft\Dati applicazioni\Macromedia\Flash Player\macromedia.com\support\flashplayer
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59

Postdi Palestinese » 01/09/06 14:59

Ne ho postate 14 di 79... improponibile... da qualche parte ho letto che te ne bastano 15 ultime righe...

Settings\Microsoft\Recent\coordinate banc.Ponti.lnk
File C:\Documents and Settings\Microsoft\Recent\coordinate banc.Ponti0001.lnk
File C:\Documents and Settings\Microsoft\Recent\CPP.lnk
File C:\Documents and Settings\Microsoft\Recent\Curriculum Vitae in italiano.lnk
File C:\Documents and Settings\Microsoft\Recent\Dancing Days x.lnk
File C:\Documents and Settings\Microsoft\Recent\data1.lnk
File C:\Documents and Settings\Microsoft\Recent\data2.lnk
File C:\Documents and Settings\Microsoft\Recent\Dazed and Confused x.lnk
File C:\Documents and Settings\Microsoft\Recent\Desktop.ini
File C:\Documents and Settings\Microsoft\Recent\disc 2.lnk
File C:\Documents and Settings\Microsoft\Recent\Disco rimovibile (H).lnk
File C:\Documents and Settings\Microsoft\Recent\Documenti - Mario.lnk
File C:\Documents and Settings\Microsoft\Recent\Documento1.lnk
File C:\Documents and Settings\Microsoft\Recent\ELENCO TELEFON.lnk
File C:\Documents and Settings\Microsoft\Recent\engine32.lnk
File C:\Documents and Settings\Microsoft\Recent\ESPOSITORI.lnk
File C:\Documents and Settings\Microsoft\Recent\Fantacalcio 2005.lnk
File C:\Documents and Settings\Microsoft\Recent\file.lnk
File C:\Documents and Settings\Microsoft\Recent\Floppy da 3,5 pollici (A).lnk
File C:\Documents and Settings\Microsoft\Recent\FUJIFILM CAMERA DIGITAL Q1 User's Manual.lnk
File C:\Documents and Settings\Microsoft\Recent\G[1].T.M.lnk
File C:\Documents and Settings\Microsoft\Recent\HELP.lnk
File C:\Documents and Settings\Microsoft\Recent\How The West Was Won 1.lnk
File C:\Documents and Settings\Microsoft\Recent\How The West Was Won 2.lnk
File C:\Documents and Settings\Microsoft\Recent\How the West was won.lnk
File C:\Documents and Settings\Microsoft\Recent\htwww2.lnk
File C:\Documents and Settings\Microsoft\Recent\IMAG0002.lnk
File C:\Documents and Settings\Microsoft\Recent\IMAG0005.lnk
File C:\Documents and Settings\Microsoft\Recent\IMAG0012.lnk
File C:\Documents and Settings\Microsoft\Recent\IMAG0022.lnk
File C:\Documents and Settings\Microsoft\Recent\Img1.lnk
File C:\Documents and Settings\Microsoft\Recent\Immagini.lnk
File C:\Documents and Settings\Microsoft\Recent\Incoming.lnk
File C:\Documents and Settings\Microsoft\Recent\INSTALL GUIDE (2).lnk
File C:\Documents and Settings\Microsoft\Recent\Install Guide.lnk
File C:\Documents and Settings\Microsoft\Recent\Install manual.lnk
File C:\Documents and Settings\Microsoft\Recent\INSTALL.lnk
File C:\Documents and Settings\Microsoft\Recent\Led Zeppelin - How The West Was Won (Live) Disc 2.lnk
File C:\Documents and Settings\Microsoft\Recent\LeggiMi.lnk
File C:\Documents and Settings\Microsoft\Recent\Liberatoria (2).lnk
File C:\Documents and Settings\Microsoft\Recent\Liberatoria.lnk
File C:\Documents and Settings\Microsoft\Recent\LISTINO PONTI.lnk
File C:\Documents and Settings\Microsoft\Recent\LISTINO_PONTI_2006_gruppo_.lnk
File C:\Documents and Settings\Microsoft\Recent\mare 2005.lnk
File C:\Documents and Settings\Microsoft\Recent\Moby Dick x.lnk
File C:\Documents and Settings\Microsoft\Recent\Musica campione.lnk
File C:\Documents and Settings\Microsoft\Recent\negozi biologici.lnk
File C:\Documents and Settings\Microsoft\Recent\Nero 6.3.lnk
File C:\Documents and Settings\Microsoft\Recent\nero.lnk
File C:\Documents and Settings\Microsoft\Recent\New Stories (Highway Blues).lnk
File C:\Documents and Settings\Microsoft\Recent\newlogo2.lnk
File C:\Documents and Settings\Microsoft\Recent\Per e-mail.lnk
File C:\Documents and Settings\Microsoft\Recent\Piccola.lnk
File C:\Documents and Settings\Microsoft\Recent\pl2303hx install Manual.lnk
File C:\Documents and Settings\Microsoft\Recent\PREPARAZIONE PRECAMPIONATO 2005-2006 capua futura.lnk
File C:\Documents and Settings\Microsoft\Recent\previone spese condominio.lnk
File C:\Documents and Settings\Microsoft\Recent\Progetto CD musicale senza titolo.lnk
File C:\Documents and Settings\Microsoft\Recent\raccolta 1.lnk
File C:\Documents and Settings\Microsoft\Recent\Risultati.lnk
File C:\Documents and Settings\Microsoft\Recent\Roberto Benigni - Dio E Berlusconi(1).lnk
File C:\Documents and Settings\Microsoft\Recent\Roberto Benigni - Ripeto Il Mio Schifo Per Berlusconi - 31-01-1990.lnk
File C:\Documents and Settings\Microsoft\Recent\ROXIO.lnk
File C:\Documents and Settings\Microsoft\Recent\Scugnizzi.lnk
File C:\Documents and Settings\Microsoft\Recent\Sinfonia n. 9 di Beethoven (Scherzo).lnk
File C:\Documents and Settings\Microsoft\Recent\Stampa di fax a pagina intera.lnk
File C:\Documents and Settings\Microsoft\Recent\TATOO.lnk
File C:\Documents and Settings\Microsoft\Recent\testi aerosmith big ones.lnk
File C:\Documents and Settings\Microsoft\Recent\titoli scugnizzi.lnk
File C:\Documents and Settings\Microsoft\Recent\Trivial Pursuit Trepidante Crack.lnk
File C:\Documents and Settings\Microsoft\Recent\Tutto Tony Tammaro cd1.lnk
File C:\Documents and Settings\Microsoft\Recent\Tutto Tony Tammaro cd2.lnk
File C:\Documents and Settings\Microsoft\Recent\Unità CD (2).lnk
File C:\Documents and Settings\Microsoft\Recent\Unità CD (3).lnk
File C:\Documents and Settings\Microsoft\Recent\Unità CD.lnk
File C:\Documents and Settings\Microsoft\Recent\Video - Antonio.lnk
File C:\Documents and Settings\Microsoft\Recent\What Is And What Should Be x.lnk
File C:\Documents and Settings\Microsoft\Recent\[PC-GAMES] Trivial Pursuit Unlimited Ita CD2 di 2.lnk
File C:\Documents and Settings\Microsoft\Risorse di rete
File C:\Documents and Settings\Microsoft\Risorse di stampa
File C:\Documents and Settings\Microsoft\SendTo
File C:\Documents and Settings\Microsoft\SendTo\Cartella compressa.ZFSendToTarget
File C:\Documents and Settings\Microsoft\SendTo\Desktop (crea collegamento).DeskLink
File C:\Documents and Settings\Microsoft\SendTo\desktop.ini
File C:\Documents and Settings\Microsoft\SendTo\Destinatario posta.MAPIMail
File C:\Documents and Settings\Microsoft\SendTo\Documenti.mydocs
File C:\Documents and Settings\Microsoft\SendTo\Unità Drag-to-Disc (î).lnk
File C:\Documents and Settings\Microsoft\UserData
File C:\Documents and Settings\Microsoft\UserData\81QBCHQV
File C:\Documents and Settings\Microsoft\UserData\85678DEF
File C:\Documents and Settings\Microsoft\UserData\CHIFKHMN
File C:\Documents and Settings\Microsoft\UserData\index.dat
File C:\Documents and Settings\Microsoft\UserData\WX230563
File C:\Documents and Settings\Microsoft\~
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{948CEB0D-1565-4F10-B207-DBAB0744598F}
Palestinese
Utente Junior
 
Post: 32
Iscritto il: 09/06/06 14:59


Torna a Sicurezza e Privacy


Topic correlati a "Connessione ADSL instabile. Aiutatemi a stanare...":


Chi c’è in linea

Visitano il forum: Nessuno e 62 ospiti

cron