
A peculiar problem..

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by zed84 » 13/02/07 12:59

Hi guys, I have a spyware or malware problem, or who knows what. Basically I see links on sites that don't have them (obviously they lead to pages on different sites, like wlow.net); Explorer is extremely slow, and the most absurd thing is that on this computer I can't view many of the pages of support sites (see the dear http://www.hijackthis.de!!). It may be useful for you to know that two months ago I also had BraveSentry, but I thought I had removed it.. here is my HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 12.59.13, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender9\bdmcon.exe
C:\Programmi\Softwin\BitDefender9\bdoesrv.exe
C:\Programmi\Softwin\BitDefender9\bdnagent.exe
C:\Programmi\Softwin\BitDefender9\bdswitch.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender9\vsserv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Winamp\winamp.exe
C:\Documents and Settings\Fede\Desktop\Zavagli\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9E58DA65-505B-3ADD-122D-773D30C675CE} - C:\WINDOWS\fwihc1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programmi\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Programmi\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

THANKS IN ADVANCE :)
zed84
Junior Member

Posts: 12
Joined: 12/02/07 16:13
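As an added example, not part of the thread and not code from HijackThis: a small Python triage helper for log lines of the shape posted above. It parses each Rn/On entry and flags the items a helper reads first: the missing default URLSearchHook (R3); a BHO (O2) with a generic name, a missing file or a DLL dropped straight into the Windows root; and a service (O23) with an unknown owner, rated "high" when its binary sits in a location such as Common Files\System or a Temp folder and "review" otherwise. The sample lines are copied from the logs in this thread; the severity rules are this example's own heuristics, not HijackThis rules.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not code from HijackThis. The severity rules
below are this example's own heuristics, not rules of the tool.
"""
import re
from dataclasses import dataclass

# An entry looks like "<section> - <field> - <field> ...", e.g.
# "O2 - BHO: Class - {CLSID} - C:\WINDOWS\fwihc1.dll (file missing)".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in .exe/.dll inside a field (lower-cased input).
PATH_RE = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll)')
# A binary placed directly in the Windows root rather than in a subfolder.
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")
# Directories where a legitimately installed service binary is unusual
# (Italian and English names of Common Files\System, plus any Temp folder).
SUSPECT_DIRS = ("\\file comuni\\system\\", "\\common files\\system\\", "\\temp\\")
GENERIC_BHO_NAMES = {"", "class", "(no name)"}


@dataclass
class Finding:
    section: str
    severity: str  # "high" or "review"
    reason: str
    line: str


def parse_entry(line):
    """Return (section, fields) for an Rn/On entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), [f.strip() for f in m.group("body").split(" - ")]


def looks_suspect_path(field):
    """True if the path in this field is in the Windows root or a drop directory."""
    m = PATH_RE.search(field.lower())
    if not m:
        return False
    path = m.group(0)
    return bool(WINDOWS_ROOT_RE.match(path)) or any(d in path for d in SUSPECT_DIRS)


def triage(lines):
    """Walk the log once and return the entries worth a second look."""
    findings = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue  # headers, process list, blank lines
        section, fields = parsed
        line = raw.strip()
        if section == "R3" and "missing" in fields[0].lower():
            findings.append(Finding(section, "review", "default URLSearchHook missing", line))
        elif section == "O2" and len(fields) >= 3:
            name = fields[0].partition(":")[2].strip().lower()  # "BHO: Class" -> "class"
            target = fields[-1]
            if name in GENERIC_BHO_NAMES or "(file missing)" in target or looks_suspect_path(target):
                findings.append(Finding(section, "high", "BHO with generic name, missing file or odd location", line))
        elif section == "O23" and len(fields) >= 3 and fields[1].lower() == "unknown owner":
            severity = "high" if looks_suspect_path(fields[-1]) else "review"
            findings.append(Finding(section, severity, "service with unknown owner", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = [
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    "R3 - Default URLSearchHook is missing",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Class - {9E58DA65-505B-3ADD-122D-773D30C675CE} - C:\WINDOWS\fwihc1.dll (file missing)",
    r'O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"',
    r"O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r'O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)',
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: SecYaf - Unknown owner - C:\Programmi\File comuni\System\peEVN.exe (file missing)",
]

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f.severity):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
    print(summarize(results))
```

On the sample above the helper reports two "high" entries (the nameless BHO whose DLL is gone from C:\WINDOWS and the SecYaf service pointing into Common Files\System) and three "review" entries, while the properly signed NVIDIA service and the Adobe BHO stay quiet; the BitDefender services show up only because the tool could not attribute an owner to them, which is why the heuristic rates them "review" rather than "high".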


Post by Luke57 » 13/02/07 13:17

Hi, download these two tools:

http://www.prevx.com/gromozon.asp

Symantec's removal tool:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Run them one at a time; disable your antivirus during the scan.

The Prevx one makes the computer reboot, and on reboot the scan is completed; at the end a report is produced, which you'll find in C:\Gromozon_Removal.log.

Then run the Symantec tool (from Safe Mode; if you don't know how to get there, press the F8 key repeatedly when you switch on the computer, before Windows starts loading; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and pressing Enter).

This tool also produces a scan report in the folder where you put the file (Fixlinkopt.log)

Post the two scan reports.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 13/02/07 22:06

here are the two reports the programs gave me:

Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\system32\lpt4.rfb
\\?\C:\WINDOWS\system32\lpt4.rfb
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\bqlQU.exe
Removing protected file: C:\Programmi\File comuni\System\CFH.exe
Removing protected file: C:\Programmi\File comuni\System\cNkd.exe
Removing protected file: C:\Programmi\File comuni\System\csr.exe
Removing protected file: C:\Programmi\File comuni\System\dDq.exe
Removing protected file: C:\Programmi\File comuni\System\dhIn.exe
Removing protected file: C:\Programmi\File comuni\System\Dpjcqo.exe
Removing protected file: C:\Programmi\File comuni\System\eFkC.exe
Removing protected file: C:\Programmi\File comuni\System\ejj.exe
Removing protected file: C:\Programmi\File comuni\System\eld.exe
Removing protected file: C:\Programmi\File comuni\System\Fce.exe
Removing protected file: C:\Programmi\File comuni\System\FkL.exe
Removing protected file: C:\Programmi\File comuni\System\foRov.exe
Removing protected file: C:\Programmi\File comuni\System\FYDe.exe
Removing protected file: C:\Programmi\File comuni\System\gBb.exe
Removing protected file: C:\Programmi\File comuni\System\gdK.exe
Removing protected file: C:\Programmi\File comuni\System\giSY.exe
Removing protected file: C:\Programmi\File comuni\System\GNkRCL.exe
Removing protected file: C:\Programmi\File comuni\System\GSSX.exe
Removing protected file: C:\Programmi\File comuni\System\hHQ.exe
Removing protected file: C:\Programmi\File comuni\System\hsaG.exe
Removing protected file: C:\Programmi\File comuni\System\hTlS.exe
Removing protected file: C:\Programmi\File comuni\System\ifO.exe
Removing protected file: C:\Programmi\File comuni\System\iqy.exe
Removing protected file: C:\Programmi\File comuni\System\IWs.exe
Removing protected file: C:\Programmi\File comuni\System\izh.exe
Removing protected file: C:\Programmi\File comuni\System\iZrbO.exe
Removing protected file: C:\Programmi\File comuni\System\jSdwYT.exe
Removing protected file: C:\Programmi\File comuni\System\JWizE.exe
Removing protected file: C:\Programmi\File comuni\System\KCfL.exe
Removing protected file: C:\Programmi\File comuni\System\KdPzm.exe
Removing protected file: C:\Programmi\File comuni\System\KKHJP.exe
Removing protected file: C:\Programmi\File comuni\System\kkJ.exe
Removing protected file: C:\Programmi\File comuni\System\lJx.exe
Removing protected file: C:\Programmi\File comuni\System\LqpDdp.exe
Removing protected file: C:\Programmi\File comuni\System\LsRG.exe
Removing protected file: C:\Programmi\File comuni\System\LynBAU.exe
Removing protected file: C:\Programmi\File comuni\System\mCYNR.exe
Removing protected file: C:\Programmi\File comuni\System\MGowlU.exe
Removing protected file: C:\Programmi\File comuni\System\mHQFcN.exe
Removing protected file: C:\Programmi\File comuni\System\MId.exe
Removing protected file: C:\Programmi\File comuni\System\MnZ.exe
Removing protected file: C:\Programmi\File comuni\System\MYO.exe
Removing protected file: C:\Programmi\File comuni\System\MzH.exe
Removing protected file: C:\Programmi\File comuni\System\nGR.exe
Removing protected file: C:\Programmi\File comuni\System\npM.exe
Removing protected file: C:\Programmi\File comuni\System\OaxBwV.exe
Removing protected file: C:\Programmi\File comuni\System\OlJO.exe
Removing protected file: C:\Programmi\File comuni\System\OlkpeA.exe
Removing protected file: C:\Programmi\File comuni\System\owq.exe
Removing protected file: C:\Programmi\File comuni\System\Pdmv.exe
Removing protected file: C:\Programmi\File comuni\System\peEVN.exe
Removing protected file: C:\Programmi\File comuni\System\pYC.exe
Removing protected file: C:\Programmi\File comuni\System\qmL.exe
Removing protected file: C:\Programmi\File comuni\System\QXa.exe
Removing protected file: C:\Programmi\File comuni\System\qZcVUM.exe
Removing protected file: C:\Programmi\File comuni\System\RDANIB.exe
Removing protected file: C:\Programmi\File comuni\System\RhA.exe
Removing protected file: C:\Programmi\File comuni\System\rjK.exe
Removing protected file: C:\Programmi\File comuni\System\RQpIO.exe
Removing protected file: C:\Programmi\File comuni\System\RTI.exe
Removing protected file: C:\Programmi\File comuni\System\rZt.exe
Removing protected file: C:\Programmi\File comuni\System\sCk.exe
Removing protected file: C:\Programmi\File comuni\System\SeRZuf.exe
Removing protected file: C:\Programmi\File comuni\System\SfW.exe
Removing protected file: C:\Programmi\File comuni\System\sPAlPh.exe
Removing protected file: C:\Programmi\File comuni\System\Swwp.exe
Removing protected file: C:\Programmi\File comuni\System\TLp.exe
Removing protected file: C:\Programmi\File comuni\System\tpD.exe
Removing protected file: C:\Programmi\File comuni\System\TVa.exe
Removing protected file: C:\Programmi\File comuni\System\TyoZp.exe
Removing protected file: C:\Programmi\File comuni\System\UaU.exe
Removing protected file: C:\Programmi\File comuni\System\URcH.exe
Removing protected file: C:\Programmi\File comuni\System\UUI.exe
Removing protected file: C:\Programmi\File comuni\System\UUqz.exe
Removing protected file: C:\Programmi\File comuni\System\vKi.exe
Removing protected file: C:\Programmi\File comuni\System\vKM.exe
Removing protected file: C:\Programmi\File comuni\System\VKW.exe
Removing protected file: C:\Programmi\File comuni\System\vrvjA.exe
Removing protected file: C:\Programmi\File comuni\System\VShJ.exe
Removing protected file: C:\Programmi\File comuni\System\WJZ.exe
Removing protected file: C:\Programmi\File comuni\System\WLgAC.exe
Removing protected file: C:\Programmi\File comuni\System\wmhpFa.exe
Removing protected file: C:\Programmi\File comuni\System\wxVce.exe
Removing protected file: C:\Programmi\File comuni\System\XjgHNt.exe
Removing protected file: C:\Programmi\File comuni\System\Xno.exe
Removing protected file: C:\Programmi\File comuni\System\XPEUq.exe
Removing protected file: C:\Programmi\File comuni\System\XuH.exe
Removing protected file: C:\Programmi\File comuni\System\XyRNn.exe
Removing protected file: C:\Programmi\File comuni\System\yaC.exe
Removing protected file: C:\Programmi\File comuni\System\Ygn.exe
Removing protected file: C:\Programmi\File comuni\System\YhZH.exe
Removing protected file: C:\Programmi\File comuni\System\YivLCh.exe
Removing protected file: C:\Programmi\File comuni\System\yowxlA.exe
Removing protected file: C:\Programmi\File comuni\System\yWh.exe
Removing protected file: C:\Programmi\File comuni\System\YYb.exe
Removing protected file: C:\Programmi\File comuni\System\ZHU.exe
Removing protected file: C:\Programmi\File comuni\System\zOHfd.exe
Removing protected file: C:\Programmi\File comuni\System\zsY.exe
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\2A.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\71.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\fwihc1.dll
Removed!


Trojan.Gromozon Removed!

and the second program, Symantec's:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

All very positive... except that now nothing opens any more.
Help! :eeh:
zed84
Junior Member

Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 14/02/07 08:27

Hi, what do you mean nothing opens any more? Post a new HijackThis log, if possible, and describe the problem better.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 14/02/07 23:53

sorry, I wasn't clear. the problem is that now no site opens any more and it doesn't even connect to e-mail through Outlook. when I plug in the network cable it is detected, but I can't browse. here is the log from the latest HijackThis after the two programs:
Logfile of HijackThis v1.99.1
Scan saved at 23.50.10, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Fede\Desktop\Zavagli\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9E58DA65-505B-3ADD-122D-773D30C675CE} - C:\WINDOWS\fwihc1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\programmi\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Programmi\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecYaf - Unknown owner - C:\Programmi\File comuni\System\peEVN.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


thanks again!
zed84
Junior Member

Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 15/02/07 12:48

Hi, download System Scan from here (it's a diagnostic tool, it makes no changes):
http://www.suspectfile.com/systemscan

tick all the boxes and press scan now
The log is saved under the name report.txt in the folder c:/suspectfile

Since the log is too long to paste on the forum, put it on
http://www.easy-share.com
(click on browse, select the text file with the report and press upload) and then copy into a post the link you'll be given to download it.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 15/02/07 15:02

I'm really pleasantly surprised by the expertise you show on this forum; I don't think I'll ever leave.
anyway, here is the link to the report
http://w12.easy-share.com/882063.html

bye and thanks
zed84
Junior Member

Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 15/02/07 16:02

Hi, download this fix and run it:
http://www.suspectfile.com/upload/files ... stbfix.exe

download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E58DA65-505B-3ADD-122D-773D30C675CE}
HKLM\SYSTEM\CurrentControlSet\Services\SecYaf
HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk
HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt
HKLM\SYSTEM\CurrentControlSet\Services\Processorort
HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage
HKLM\SYSTEM\CurrentControlSet\Services\ql108020
HKLM\SYSTEM\CurrentControlSet\Services\ql12400

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | MXLshiX

Folders to delete:
C:\documents and settings\MXLshiX

Files to delete:
C:\WINDOWS\service32.exe
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR10.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR11.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR12.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR13.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR14.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR15.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR16.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR17.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR18.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR19.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1A.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1B.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1C.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1D.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1E.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1F.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR20.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR21.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR22.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR23.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR24.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR25.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR26.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR27.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR28.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR29.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2A.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2B.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2C.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2D.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2E.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2F.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR30.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR31.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR32.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR33.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR34.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR35.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR36.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR37.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR38.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR39.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3A.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3B.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3C.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3D.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3E.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3F.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR40.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR41.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR42.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR43.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR44.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR45.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR46.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR47.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR48.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR49.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4A.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4B.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4C.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4D.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4E.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4F.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR50.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR51.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR52.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR53.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR54.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR55.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR56.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR57.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR58.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR59.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5A.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5B.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5C.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5D.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5E.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5F.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR60.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR61.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR62.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR63.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR64.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR65.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR66.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR67.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR68.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR69.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR7.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR8.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR9.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRA.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRB.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRC.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRD.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRE.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRF.tmp
C:\Programmi\File comuni\System\DGLwGQ.exe
C:\Programmi\File comuni\System\DTCU.exe
C:\Programmi\File comuni\System\eUV.exe
C:\Programmi\File comuni\System\mWPX.exe
C:\Programmi\File comuni\System\teb.exe


Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually
The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the result of the script.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
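An added example, not from the thread and not part of The Avenger: a Python parser for scripts in the format above, which are a sequence of section headers ending in a colon, each followed by one entry per line, with registry values written as key | value name. After parsing, a review step summarises what the script would change and labels each registry location with the persistence or hiding mechanism it corresponds to, which is the information a reviewer wants before running such a script: AppInit_DLLs lists DLLs that are loaded into every process that loads user32.dll, and a name under Winlogon\SpecialAccounts\UserList hides that account from the logon screen. The sample script is a shortened copy of the one in this post; the mechanism labels and the section handling are this example's own assumptions.

```python
"""Parser and reviewer for The Avenger removal scripts.

Added example for this thread, not code from The Avenger. The mechanism
labels are this example's own; the script format is the one posted above.
"""
from collections import Counter

# Registry locations a script may touch, mapped to the persistence or hiding
# mechanism they represent (substring match on the lower-cased key path).
MECHANISMS = [
    ("\\winlogon\\specialaccounts\\userlist", "account hidden from the logon screen"),
    ("\\policies\\explorer\\run", "policy Run autostart"),
    ("\\explorer\\browser helper objects\\", "Internet Explorer BHO"),
    ("\\currentcontrolset\\services\\", "Windows service"),
]
# Mechanisms identified by the value name rather than the key.
VALUE_MECHANISMS = {
    "appinit_dlls": "DLL loaded into every process that loads user32.dll",
}


def parse_avenger_script(text):
    """Return {section name (lower case): [entries]}.

    Sections are header lines ending in ':'; entries follow until the next
    header. 'Registry values ...' entries are 'key | value name' pairs and
    become tuples; everything else is kept as the raw line.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):  # header (a bare drive root like "C:" would be misread)
            current = line[:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if current.startswith("registry values"):
            key, sep, value = line.partition("|")
            if not sep:
                raise ValueError(f"registry value entry without '|': {line!r}")
            sections[current].append((key.strip(), value.strip()))
        else:
            sections[current].append(line)
    return sections


def classify_key(key, value_name=None):
    """Label a registry key (and optional value name) with its mechanism."""
    if value_name and value_name.lower() in VALUE_MECHANISMS:
        return VALUE_MECHANISMS[value_name.lower()]
    k = key.lower()
    for needle, label in MECHANISMS:
        if needle in k:
            return label
    return "unclassified registry location"


def review(sections):
    """Summarise what the script would do: entry counts per section, the
    mechanisms touched, and the directories the file deletions concentrate in."""
    counts = {name: len(entries) for name, entries in sections.items()}
    mechanisms = Counter()
    for name, entries in sections.items():
        if name.startswith("registry keys"):
            for key in entries:
                mechanisms[classify_key(key)] += 1
        elif name.startswith("registry values"):
            for key, value in entries:
                mechanisms[classify_key(key, value)] += 1
    dirs = Counter()
    for path in sections.get("files to delete", []):
        dirs[path.rsplit("\\", 1)[0].lower()] += 1
    return {"counts": counts, "mechanisms": dict(mechanisms), "file_dirs": dict(dirs)}


# Sample input: a shortened copy of the script posted in this thread.
SAMPLE_SCRIPT = r"""
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E58DA65-505B-3ADD-122D-773D30C675CE}
HKLM\SYSTEM\CurrentControlSet\Services\SecYaf
HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | MXLshiX

Folders to delete:
C:\documents and settings\MXLshiX

Files to delete:
C:\WINDOWS\service32.exe
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR10.tmp
C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR11.tmp
C:\Programmi\File comuni\System\DGLwGQ.exe
"""

if __name__ == "__main__":
    for k, v in review(parse_avenger_script(SAMPLE_SCRIPT)).items():
        print(k, v)
```

The review output makes the intent of the script visible at a glance: one AppInit_DLLs entry neutralised rather than deleted, one BHO and two service keys removed, one policy autostart and one hidden-account entry cleared, and file deletions concentrated in the user's Temp folder and Common Files\System.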

Post by zed84 » 19/02/07 18:31

Hi, as usual I followed all the instructions to the letter. I still can't open any site or mail server, and now a new Windows user profile (MxLshiX) has been created at startup, complete with a password! help! and I think it is shown as administrator too..
here anyway is the Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yapgseni

*******************

Script file located at: \??\C:\Documents and Settings\usdhydbq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SecYaf deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Processorort
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ql108020
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ql12400
Status: 0xc0000034

Folder C:\documents and settings\MXLshiX deleted successfully.

File C:\WINDOWS\service32.exe not found!
Deletion of file C:\WINDOWS\service32.exe failed!

Could not process line:
C:\WINDOWS\service32.exe
Status: 0xc0000034

File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR10.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR11.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR12.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR13.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR14.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR15.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR16.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR17.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR18.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR19.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1A.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1B.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1C.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1D.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1E.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR1F.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR20.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR21.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR22.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR23.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR24.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR25.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR26.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR27.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR28.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR29.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2A.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2B.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2C.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2D.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2E.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR2F.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR30.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR31.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR32.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR33.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR34.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR35.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR36.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR37.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR38.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR39.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3A.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3B.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3C.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3D.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3E.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR3F.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR40.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR41.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR42.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR43.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR44.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR45.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR46.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR47.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR48.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR49.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4A.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4B.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4C.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4D.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4E.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR4F.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR50.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR51.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR52.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR53.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR54.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR55.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR56.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR57.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR58.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR59.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5A.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5B.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5C.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5D.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5E.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR5F.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR60.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR61.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR62.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR63.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR64.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR65.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR66.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR67.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR68.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR69.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR7.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR8.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXR9.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRA.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRB.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRC.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRD.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRE.tmp deleted successfully.
File C:\Documents and Settings\Fede\Impostazioni locali\Temp\PXRF.tmp deleted successfully.
File C:\Programmi\File comuni\System\DGLwGQ.exe deleted successfully.
File C:\Programmi\File comuni\System\DTCU.exe deleted successfully.
File C:\Programmi\File comuni\System\eUV.exe deleted successfully.
File C:\Programmi\File comuni\System\mWPX.exe deleted successfully.
File C:\Programmi\File comuni\System\teb.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E58DA65-505B-3ADD-122D-773D30C675CE} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|1 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|MXLshiX deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I'm still keeping my fingers crossed.. thanks!
zed84
Junior Member
Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 20/02/07 08:43

Hi, did you use the tool for Rustock.b?
If you did, post the report.

Also, press Start > Run > in the box type
control userpasswords2 > OK
In the User Accounts window that opens, look for the account and remove it.

Open HijackThis, press "open the misc tools section", then "open uninstall manager", and look among the applications for the following:

- LinkOptimizer
- ConnectionService
- Power Verify
- StrongestGuard
- ConnectionKnight
- StrongestOptimizer
- SecurityOptimizer
- InternetOptimizer
- StrongestPaladin
- SecurityGuard
- InternerGuard
- InternetShield
Whichever of them you find, highlight it and press the "delete this entry" button.
Then download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and run gmer.exe, with every other application closed.
To reach the advanced section press the >>>> tab. Then choose the Rootkit tab, also tick the ADS box, and run a full Scan. When it finishes click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (do not tick the "show all" box) and press Scan. When it finishes click Copy and paste the report into the same text file.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
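An added example for reading the GMER report requested above (this is not code from the thread or from GMER; it only parses GMER's text output). GMER's "User code sections" lists one line per user-mode inline hook: the first 5 bytes of an exported function have been replaced by a JMP into some DLL. Grouping those lines by the DLL that owns the detour is the quickest way to see whether one foreign module has been injected into every process and what it intercepts. The sample lines embedded below are copied from the GMER report posted later in this thread; the allow-list parameter for already-vetted hooking DLLs is an assumption added for illustration and is empty by default.

```python
"""Triage a GMER "User code sections" listing (added example, not GMER code).

GMER 1.0.12 prints one line per user-mode inline hook it finds:

  .text <process>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target> <hooking dll>

"5 Bytes JMP" means the first five bytes of the exported function were
overwritten with a jump into the named DLL. Grouping the lines by that DLL
shows which module owns the detours and in which processes it lives.
"""
import re
import sys
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<dll>\S.*?)\s*$"
)

# Winsock exports whose hooking gives the DLL a view of, or a veto over,
# every connection and every name lookup the host process performs.
NETWORK_EXPORTS = {
    "send", "sendto", "recv", "recvfrom", "connect", "bind", "listen",
    "accept", "closesocket", "gethostbyname", "WSASend", "WSARecv",
}

# Lines copied from the GMER report posted in this thread; the ".text ..."
# line is GMER's own elision marker and must not be parsed as a hook.
SAMPLE_REPORT = r"""
---- System - GMER 1.0.12 ----

SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwClose

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\winlogon.exe[704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
"""


def parse_hooks(report):
    """Return one dict per user-mode hook line; other GMER lines are skipped."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # SSDT entries, section headers, GMER's ".text ..." marker
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["dll_name"] = h["dll"].rsplit("\\", 1)[-1].lower()
        h["process_name"] = h["process"].rsplit("\\", 1)[-1].lower()
        hooks.append(h)
    return hooks


def triage(report, known_hookers=frozenset()):
    """Summarise hooks per detour-owning DLL, skipping an allow-list of DLLs
    the analyst has already vetted (assumed input, empty by default)."""
    groups = defaultdict(lambda: {"processes": set(), "exports": set(), "hooks": 0})
    for h in parse_hooks(report):
        if h["dll_name"] in known_hookers:
            continue
        g = groups[h["dll_name"]]
        g["processes"].add(h["process_name"])
        g["exports"].add(f'{h["module"]}!{h["export"]}')
        g["hooks"] += 1

    summary = {}
    for dll, g in groups.items():
        net = {e.split("!", 1)[1] for e in g["exports"]} & NETWORK_EXPORTS
        summary[dll] = {
            "hooks": g["hooks"],
            "processes": sorted(g["processes"]),
            "hooks_network": bool(net),
            "hooks_name_resolution": "gethostbyname" in net,
            # A detour on LoadLibraryA lets the DLL re-hook any module the
            # process loads later, which is why it shows up in every process.
            "hooks_loadlibrary": "kernel32.dll!LoadLibraryA" in g["exports"],
        }
    return summary


def format_summary(summary):
    """One human-readable line per flagged DLL."""
    lines = []
    for dll, s in sorted(summary.items()):
        flags = [k for k in ("hooks_network", "hooks_name_resolution",
                             "hooks_loadlibrary") if s[k]]
        lines.append(f"{dll}: {s['hooks']} hooks in {len(s['processes'])} "
                     f"process(es) {s['processes']} flags={flags}")
    return lines


if __name__ == "__main__":
    # Usage: python gmer_triage.py <saved gmer report>; no argument = sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    else:
        text = SAMPLE_REPORT
    print("\n".join(format_summary(triage(text))) or "no user-mode hooks found")
```

On the sample this reports a single DLL, sockspy.dll, hooked into winlogon, lsass and explorer with detours on LoadLibraryA, connect, send and gethostbyname. A hook on gethostbyname in every process is exactly the position from which a module can rewrite name lookups, which would fit both the injected links and the unreachable support sites described in the thread; that is an inference from the listing, not something the report states.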

Post by zed84 » 20/02/07 19:28

Rustbfix tells me:
************************* Rustock.b-fix -- By ejvindh *************************
20/02/2007 15.30.15,60


No Rustock.b-rootkits found


******************************* End of Logfile ********************************

I then looked with HijackThis for any of the entries you listed, but found nothing. Fortunately I managed to delete the extra Windows profile that had been created!
Here are the reports you asked for:
for the first report I should mention that the ADS box was already ticked.

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-20 19:17:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwClose
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Programmi\Softwin\BitDefender9\bdrsdrv.sys ZwUnloadKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F636A62C 5 Bytes JMP 865AA970

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\Softwin\BitDefender9\bdoesrv.exe[288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Softwin\BitDefender9\bdswitch.exe[304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[388] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A3090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\RTHDCPL.exe[432] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\wcescomm.exe[556] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe[648] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[672] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\winlogon.exe[704] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1156] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\iPod\bin\iPodService.exe[1300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\explorer.exe[1340] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\nvsvc32.exe[1552] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003C3090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2132] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!sendto 71A32C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!recvfrom 71A32D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!bind 71A33E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!connect 71A3406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!send 71A3428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!gethostbyname 71A34FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!listen 71A388D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2300] WS2_32.dll!accept 71A41028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Fede\Desktop\Zavagli\gmer.exe[2456] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D21D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 865A91D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867D41D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867D41D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8659D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{406DCFB4-7D1D-450F-9D63-807AEFBEC2A9} IRP_MJ_PNP 857C41D8
Device \Driver\00000030 \Device\00000049 IRP_MJ_POWER [F7420DB6] sptd.sys
Device \Driver\00000030 \Device\00000049 IRP_MJ_SYSTEM_CONTROL [F743673C] sptd.sys
Device \Driver\00000030 \Device\00000049 IRP_MJ_PNP [F742F77E] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867701D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867701D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 865911D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 865911D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8676F1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 857C41D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 857C41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 865A91D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 865A91D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\0000006d IRP_MJ_PNP 867D31D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8659D1D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 8659D1D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 867D31D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85EED1D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 867D31D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 867D31D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85EED1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85EED1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867701D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867701D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_CREATE 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_CLOSE 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_DEVICE_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_INTERNAL_DEVICE_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_POWER 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_SYSTEM_CONTROL 863241D8
Device \Driver\a50powx2 \Device\Scsi\a50powx21 IRP_MJ_PNP 863241D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8576A2D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8576A2D8

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32:lzx32.sys

---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-20 19:18:42
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = sockspy.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
CCALib8 /*Canon Camera Access Library 8*/@ = C:\Programmi\Canon\CAL\CALMAIN.exe
LIVESRV /*BitDefender Desktop Update Service*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
VSSERV /*BitDefender Virus Shield*/@ = "C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BDMCon"C:\Programmi\Softwin\BitDefender9\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
@BDOESRV"C:\Programmi\Softwin\BitDefender9\bdoesrv.exe" = "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
@BDNewsAgent"C:\Programmi\Softwin\BitDefender9\bdnagent.exe" = "C:\Programmi\Softwin\BitDefender9\bdnagent.exe"
@BDSwitchAgent"C:\Programmi\Softwin\BitDefender9\bdswitch.exe" = "C:\Programmi\Softwin\BitDefender9\bdswitch.exe"
@NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
@D-Link AirPlus G"C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" = "C:\Programmi\D-Link\AirPlus G\AirGCFG.exe"
@ANIWZCS2Service"C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" = "C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
@NvMediaCenter"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@NeroFilterCheck"C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" = "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"C:\PROGRA~1\MICROS~3\wcescomm.exe" = "C:\PROGRA~1\MICROS~3\wcescomm.exe"
@Steam"C:\Programmi\Steam\Steam.exe" -silent = "C:\Programmi\Steam\Steam.exe" -silent

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MICROS~3\Wcesview.dll = C:\PROGRA~1\MICROS~3\Wcesview.dll
@{B9E1D2CB-CCFF-4A
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13

Post by zed84 » 20/02/07 19:32

@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Programmi\Softwin\BitDefender9\bdshelxt.dll = C:\Programmi\Softwin\BitDefender9\bdshelxt.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers >>>
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Programmi\Softwin\BitDefender9\bdshelxt.dll = C:\Programmi\Softwin\BitDefender9\bdshelxt.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk

---- EOF - GMER 1.0.12 ----

I had problems using this program only because the PC kept shutting down on me.. thanks a lot, and sorry for messing up the forum
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 21/02/07 08:11

Hi, this program often causes crashes. Restart it, go to the Rootkit tab, tick only the Files and ADS boxes, and when it finishes select this (or other references to the file):
ADS C:\WINDOWS\system32:lzx32.sys
with the right mouse button on the file and choose "delete file".
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 21/02/07 13:27

Ok, after it has finished the scan, though, besides the program, BitDefender also detects it and classifies it as a threat. At that point I still try to delete it, but it doesn't delete it (ERROR...). The Internet still doesn't work; repeating the scan with the new program and with the antivirus closed it still detects the file you mentioned, but in this case too it doesn't delete it. I'm a bit puzzled, what's going on? :(
thanks for your replies
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 21/02/07 13:47

Hi, I didn't quite understand: did you try to remove it with Gmer? Even if it gives an error it should remove it.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 21/02/07 14:02

I tried to delete it with Gmer, but once I click Yes it gives me an error and the file stays right where it is; now I don't know whether it gets deleted anyway even though it doesn't disappear from the screen..
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13

Post by Luke57 » 21/02/07 19:54

Hi, run the scan with Gmer again and see whether the entry reappears.

Then use Avenger again, with the method already tried, entering this script:

files to delete:
C:\WINDOWS\system32\lzx32.sys


Also, download winsockfix from here
http://www.spychecker.com/program/winsockxpfix.html
put it on the desktop, run it, press Fix.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 23/02/07 15:45

With gmer it reappears; I tried to use avenger, which tells me:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ltjoiopj

*******************

Script file located at: \??\C:\Documents and Settings\qncqmabi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\lzx32.sys not found!
Deletion of file C:\WINDOWS\system32\lzx32.sys failed!

Could not process line:
C:\WINDOWS\system32\lzx32.sys
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

I then also used winsockxpfix, but the situation remained unchanged, even though the program seemed to guarantee Internet browsing.
I then checked, just to be sure, whether the file still showed up in Gmer, and I noticed, to my regret, that nothing had changed there either. I'm starting to think the best solution is acid for metals..
thanks, bye!
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13
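The Avenger log above reports status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) for "C:\WINDOWS\system32\lzx32.sys", while GMER lists the entry as "C:\WINDOWS\system32:lzx32.sys": the backslash form names a regular file inside system32, the colon form names an alternate data stream attached to the system32 directory itself. As an added example that is not part of the thread, the Python below parses both forms, shows that they are different objects, and recovers the stream form from GMER output; the sample lines and helper names are constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# NTSTATUS value quoted in the Avenger log above: STATUS_OBJECT_NAME_NOT_FOUND
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

# Constructed sample values modelled on the GMER and Avenger output quoted in the thread
GMER_ADS_LINE = r"ADS C:\WINDOWS\system32:lzx32.sys"
AVENGER_SCRIPT_PATH = r"C:\WINDOWS\system32\lzx32.sys"

# The colon after the drive letter is part of the path; any later colon introduces a
# stream name. An optional trailing ':$DATA' type suffix is tolerated and dropped.
_ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+?)(?::\$DATA)?$")

@dataclass(frozen=True)
class PathRef:
    host: str              # file or directory that actually carries the data
    stream: Optional[str]  # alternate data stream name, or None for a plain file

    @property
    def is_ads(self) -> bool:
        return self.stream is not None

    def as_path(self) -> str:
        """Render in the 'host:stream' form that stream-aware tools expect."""
        return f"{self.host}:{self.stream}" if self.is_ads else self.host

def parse_win_path(path: str) -> PathRef:
    """Split a Windows path into the host object and an optional ADS name."""
    m = _ADS_RE.match(path.strip())
    return PathRef(m["host"], m["stream"]) if m else PathRef(path.strip(), None)

def same_object(a: str, b: str) -> bool:
    """True only when both strings name the same on-disk object (NTFS is case-insensitive)."""
    pa, pb = parse_win_path(a), parse_win_path(b)
    return (pa.host.lower(), (pa.stream or "").lower()) == (pb.host.lower(), (pb.stream or "").lower())

def ads_entries_from_gmer(lines: List[str]) -> List[PathRef]:
    """Collect the 'ADS host:stream' entries from GMER rootkit-tab output."""
    refs = [parse_win_path(line[4:]) for line in lines if line.startswith("ADS ")]
    return [r for r in refs if r.is_ads]

def deletion_mismatch(gmer_line: str, script_path: str, status: int) -> Optional[str]:
    """If a deletion failed with name-not-found and the script named a different object,
    return the stream-form path that should have been used; otherwise None."""
    target = ads_entries_from_gmer([gmer_line])
    if status == STATUS_OBJECT_NAME_NOT_FOUND and target and not same_object(target[0].as_path(), script_path):
        return target[0].as_path()
    return None
```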

Post by Luke57 » 24/02/07 08:30

Hi, open Gmer, go into Advanced, press the Services tab, press scan; if you find the service named pe386 that refers to the location //??/C:\WINDOWS\System32:lzx32.sys, right-click it and choose "delete service". Click OK on the messages that follow.

Download this program: Ads Revelear from here:

http://www.nod32.it/getfile.php?tool=adsr

Run a scan, which should detect the file
C:\WINDOWS\system32:lzx32.sys
Select clean to remove the rootkit.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by zed84 » 26/02/07 15:03

Hi, Gmer doesn't detect anything under Services. However, the nod32 program found the file and deleted it, but the Internet problem still hasn't been solved; I also discovered that the antivirus manages to update, but I still can't browse the Internet, either with Mozilla or with iexplorer. I don't get it.. :undecided:
bye and thanks
zed84
Junior User
 
Posts: 12
Joined: 12/02/07 16:13
