
Mind-boggling virus

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by albertozan » 25/02/07 10:12

Hello everyone, I'm a new user and I humbly ask you experts for help (but I promise that as soon as I improve my poor computer skills I'll help others too ;) ), because a virus that I can't remove or identify has hidden itself in my computer.
I use the Kaspersky 6.0 protection suite, I also used Prevx1... I also used VirusTotal, and finally I ran a scan with Spybot, but nothing.

The problem is this: there is a dialer program that tries to connect to numbers like 800...... etc. Kaspersky 6.0 recognizes it, gives me the option to deny the connection, and (the antivirus itself) refers to these processes: c:\window\system32\winlogow.exe, c:\window\system32\spoolsv.exe, c:\window\system32\suehost.exe.... all files that it's probably better not to remove..... ;)
The problem occurs both when I'm not connected to the internet (ADSL) and when I am (in the latter case it drops my connection and I'm forced to reconnect).

I think the last resort is HijackThis (which, by the way, I'd be using for the first time, so please have plenty of patience if it comes to that), but this virus not only won't let me open the sites about HijackThis, it won't let me open the program at all (I only installed it by sending it to myself by e-mail from another computer). I've read around that in these cases you have to use the "smartkiller" application, but when I go to open it a message appears saying "CoolWWWSearch.Smartkiller(v1/v2) has not been found on your system".

Guys, HEEEEEEEEELP.... I'm in your hands!
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32


Post by albertozan » 25/02/07 15:34

update..... runalyzer won't open either, so at this point, following a suggestion from the expert luke57 in another thread ("aiuto!!! ho un hacker e non so come toglierlo"), I'm posting the active processes on my computer (Task Manager):
wmiprvse.exe
alg.exe
RtkBtMnt.exe
soffice.BIN
SOFFICE.EXE
unsecapp.exe
mpbtn.exe
taskmgr.exe
GoogleToolbarNot...
Skype.exe
msmsgs.exe
ctfmon.exe
avp.exe
mcrdsvc.exe
svchost.exe
CPSHelpRunner.EXE
svchost.exe
AcroRd32.exe
wmiprvse.exe
DrgToDsc.exe
PXConsole.exe
RegSrvc.exe
DMXLauncher.exe
dllhost.exe
RoxWatchTray9....
daemon.exe
jusched.exe
ElkCtrl.exe
CameraAssistant....
LVCOMSX.EXE
LManager.exe
ePower_DMC.exe
rundll32.exe
iexplore.exe
Monitor.exe
eDSloader.exe
admtray.exe
PXAgent.exe
SynTPEnh.exe
ehSched.exe
igfxsrvc.exe
ehmsas.exe
nvsvc32.exe
svchost.exe
RTHDCPL.EXE
svchost.exe
iexplore.exe
S24EvMon.exe
EvtEng.exe
rundll32.exe
admServ.exe
svchost.exe
svchost.exe
ehtray.exe
svchost.exe
Isass.exe
services.exe
winlogon.exe
csrss.exe
avp.exe
modmbeya.exe
LVPrcSrv.exe
spoolsv.exe
smss.exe
ehRecvr.exe
svchost.exe
Explorer.EXE
compaq-speed.exe
Ciclo idle del sistema

..... still need help
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 25/02/07 15:42

Hi, the process that is preventing the tools from running should be this one:
compaq-speed.exe (at least I hope so ;)
Open Task Manager, highlight it and press End Process.
At that point, download and use HijackThis.
Unzip the .zip file and extract hijackthis.exe into a folder created specifically for it on the hard disk, such as C:\HJT.
From the new folder, run hijackthis.exe, press "do a system scan and save a log file", wait until a text file has been fully generated, then at the end select and copy all of its contents. Open a post and paste (Ctrl+V) the copied log.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by albertozan » 25/02/07 15:53

Hi Luke, thanks to you HijackThis now starts. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 15.51.31, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\system32\services.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\eMule\Incoming\DAEMON Tools\daemon.exe
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Programmi\Roxio\Media Experience\DMXLauncher.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\DOCUME~1\Alberto\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\IZARC\IZARC.EXE
C:\DOCUME~1\Alberto\IMPOST~1\Temp\ARC5\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\compaq-speed.exe",
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\eMule\Incoming\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmi\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{585D92EE-3F6B-4BEB-9110-43AB0AA379F8}: NameServer = 151.99.125.1,151.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB7EF48-041E-4456-BB38-181AB01E2959}: NameServer = 151.99.125.1,151.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E20A791B-319C-45E7-B1F1-9E76E0237F6F}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{585D92EE-3F6B-4BEB-9110-43AB0AA379F8}: NameServer = 151.99.125.1,151.1.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\File comuni\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\File comuni\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 25/02/07 16:17

Hi, download Avgpfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
and keep it handy.
Open HijackThis, press "do a system scan only", look for and tick the following entry:
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\compaq-speed.exe",
then press Fix checked.
Make hidden files and folders visible:
from My Computer > Tools > Folder Options
select View
tick "Show hidden files and folders"
untick "Hide protected operating system files"
click OK

With Avgpfix, delete the following file:
c:\windows\system32\compaq-speed.exe
(just run it, press Start, locate the file in the tree view and press OK)

Then download these two tools:

http://www.prevx.com/gromozon.asp

Symantec's removal tool:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Run them one at a time; disable your antivirus during the scan.

The Prevx one reboots the computer and the scan is completed on restart; at the end it produces a report, which you'll find in C:\Gromozon_Removal.log.

Then run the Symantec tool (from Safe Mode; if you don't know how to get there, press the F8 key repeatedly when powering on the computer, before Windows starts loading; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and pressing Enter).

This tool also leaves a scan report in the folder where you put the file (Fixlinkopt.log).

Post the two scan reports.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
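The F2 entry Luke57 singles out is a Winlogon Userinit persistence: whatever is appended after userinit.exe is started by winlogon at every logon, before the shell, which is why the dialer survives reboots. As an added example (not code from this thread, HijackThis, or any of the tools mentioned), the following Python script parses the HijackThis log format posted above and flags that entry, processes running from a Temp folder, and services whose binary is reported missing. The sample input is assembled from lines of the log in this thread.

```python
import re

# Sample input constructed from lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Alberto\IMPOST~1\Temp\RtkBtMnt.exe
C:\DOCUME~1\Alberto\IMPOST~1\Temp\ARC5\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\compaq-speed.exe",
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# On a stock Windows XP the Userinit value names only userinit.exe. Every extra
# executable listed there is launched by winlogon at each logon, before the
# shell, so it is a prime persistence location and worth a "high" finding.
EXPECTED_USERINIT = "userinit.exe"

# Substrings (lower-case) that mark a path under a user's Temp folder. Tools the
# user unpacked there (HijackThis itself in the sample) will be flagged too;
# the point is to surface them for a human, not to condemn them automatically.
TEMP_MARKERS = ("\\temp\\",)


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and typed entries.

    Returns (processes, entries); entries is a list of (code, body) tuples,
    e.g. ("F2", "REG:system.ini: UserInit=...").
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def userinit_extras(entry_body):
    """For an F2 UserInit entry, return every executable other than userinit.exe."""
    m = re.match(r"REG:system\.ini: UserInit=(.*)$", entry_body, re.I)
    if not m:
        return []
    extras = []
    for item in m.group(1).split(","):
        path = item.strip().strip('"')
        if path and not path.lower().endswith(EXPECTED_USERINIT):
            extras.append(path)
    return extras


def triage(text):
    """Return (severity, reason, value) findings, most severe first."""
    processes, entries = parse_hijackthis(text)
    findings = []
    for code, body in entries:
        if code == "F2":
            for path in userinit_extras(body):
                findings.append(("high", "extra Userinit executable", path))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(("low", "service binary not found", body.split(" - ")[0]))
    for path in processes:
        if any(mark in path.lower() for mark in TEMP_MARKERS):
            findings.append(("medium", "process running from a Temp folder", path))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, reason, value in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}: {value}")
```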

Post by albertozan » 26/02/07 00:54

Here you go Luke57, I've done my homework ;)

Here's the Prevx result:

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components

Here's the Symantec one:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

Awaiting any further instructions, thank you in advance!!!
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by albertozan » 26/02/07 01:03

update... it's still on the computer...
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by albertozan » 26/02/07 14:04

update.... Kaspersky blocked a new connection attempt and referred to a file in the Temp folder with a mouth-shaped icon, which I then deleted with Avgpfix. Even after shutting the computer down and turning it back on, it now seems to have finally been wiped out!!!

Thanks again Luke, you've been very kind
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by albertozan » 27/02/07 18:44

.... no luck, after 2 quiet days the bastard is back :(, Kaspersky blocks the dialer's connection attempt and again refers to a file (which has changed its name) in c:\windows\temp with the mouth-shaped icon. I deleted it again, but I don't think it will take long to show up again :(
What can I do? Luke, help...!!!
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by alexbizzo » 27/02/07 20:23

hi, I'm not very expert.. but like you I've also run into some nasty dialers that worm their way in everywhere and you never manage to delete them!! I'll tell you how I solved it; maybe it isn't a very "clean" or definitive solution, but if you do this it shouldn't give you any more trouble. In short, it consists in preventing this file from starting automatically. Go to Run and type "msconfig", then go to Startup and untick the file that's bothering you.... I don't know if I've got the problem right, I hope I've been of some help! bye
alexbizzo
Newbie
Posts: 1
Joined: 27/02/07 19:04

Post by Luke57 » 27/02/07 20:32

Hi, try these tools:
http://greatis.com/reanimator.zip

INSTRUCTIONS
1. Open reanimator.exe.
2. Click "Remove Rustock Rootkit".
3. You will be warned that you are about to use "RootkitNO".
4. Run it!
5. You will be prompted to restart the computer.
6. After the restart, the Rustock file will be removed using Partizan.
At the end of the removal process, you can remove Partizan from Windows startup.

Click "UnInstall Partizan".

You can also delete the "RootkitNo" folder from the disk where Windows is installed.

Tool no. 2 (if the first one wasn't enough):
http://www.uploads.ejvindh.net/rustbfix.exe
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by albertozan » 01/03/07 20:28

.... these tools were defeated too :( , the bastard reappears every 24 hours (the file changes its name and always has the mouth-shaped icon).... Luke, what do we do?? help me
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 02/03/07 09:16

albertozan wrote: .... these tools were defeated too :( , the bastard reappears every 24 hours (the file changes its name and always has the mouth-shaped icon).... Luke, what do we do?? help me

Hi, download SystemScan
http://www.suspectfile.com/systemscan
open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, the file report.txt will be produced in C:\suspectfile.
Go to:
http://www.easy-share.com
upload the file (press Browse and then the Upload button); you'll be given the URL to download it. Paste that URL in a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by albertozan » 02/03/07 17:42

I got the subject line right, this virus really is mind-boggling.... when I run the scan with SuspectFile, an endless series of dialog boxes opens one after another that I can no longer close and that force me to restart the computer. Windows such as: "Data Execution Prevention - to help protect your computer, the program has been closed - Run a DLL as an application - Dr. Watson post-mortem debugger".
Luke? heeelp

P.S. I can't tick the last box in SuspectFile (the one about HijackThis)
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 02/03/07 22:36

Hi, but this file (compaq-speed.exe), did you delete it?
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by albertozan » 03/03/07 00:26

hi, I had already deleted that file with Avgpfix. I tried the scan with SuspectFile again, but after a few seconds the computer freezes (this time with a blue screen) and I have to turn it off and on again...
albertozan
Junior Member
Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 03/03/07 08:02

Hi, go here and download the latest version of VirIT:
http://www.tgsoft.it/italy/index_ita.html
update it to the latest definitions and run a scan.
Restart in Safe Mode (pressing the F8 key repeatedly when powering on the computer, before Windows loads, and on the screen that appears choosing Safe Mode by moving with the arrow keys and confirming with Enter) and run another scan.
Restart in normal mode and download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and launch gmer.exe, with all other applications closed.
To enter Advanced, press the >>>> tab. Then choose the Rootkit tab, tick the ADS box as well, and run a full Scan. At the end, click Copy and paste the report into a text file.
Go back to Gmer, press the Autostart tab (don't tick the "show all" box) and press Scan. At the end, click Copy and paste the report into the same text file.
Then copy and paste the two reports in a post in the forum. Post the VirIT scan reports too.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by albertozan » 04/03/07 17:26

Hi Luke, so here are the VirIT results:
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
04/03/2007 - 15:24:01

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX1\catchme.exe Possibile variante da Trojan.SoundMx
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX0\catchme.exe Possibile variante da Trojan.SoundMx
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX2\catchme.exe Possibile variante da Trojan.SoundMx

Chiavi Registro infette: 0.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 58521.
Files Totali: 58521.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------

Here's the log from Safe Mode:

04/03/2007 - 15:46:32

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX1\catchme.exe Possibile variante da Trojan.SoundMx
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX0\catchme.exe Possibile variante da Trojan.SoundMx
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\RarSFX2\catchme.exe Possibile variante da Trojan.SoundMx
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------

here are the results with Gmer

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-04 17:21:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF2E 5 Bytes JMP B738A6C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF718 5 Bytes JMP B738AB50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP B738CE10 \??\C:\WINDOWS\system32\drivers\klif.sys
.text USBPORT.SYS!DllUnload B9E6C7AE 5 Bytes JMP 8A5051B8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8A5371D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8A5371D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_CREATE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_CLOSE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_INTERNAL_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_CLEANUP 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{585D92EE-3F6B-4BEB-9110-43AB0AA379F8} IRP_MJ_PNP 89819690
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8A3DE1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A55A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A55A1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 8A3DE1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 8A3B71D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8A55B1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE [B9E0A012] OsaFsLoc.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE [B9E0A012] OsaFsLoc.sys
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A47C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A47C980
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 8A55B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 8A5581D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 8A5581D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 89819690
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 89819690
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 89819690
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 89819690
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 89819690
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 8A3DE1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 89806600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 89806600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 8A3DE1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 89806600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 89806600
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 8A3DE1D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 8A3DE1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_CREATE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_CLOSE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_INTERNAL_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_CLEANUP 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{E20A791B-319C-45E7-B1F1-9E76E0237F6F} IRP_MJ_PNP 89819690
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A55B1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A55B1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 8A3B71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 8A3B71D8
Device \Driver\00000133 \Device\0000007f IRP_MJ_POWER [BA6DFD74] sptd.sys
Device \Driver\00000133 \Device\0000007f IRP_MJ_SYSTEM_CONTROL [BA6F92A2] sptd.sys
Device \Driver\00000133 \Device\0000007f IRP_MJ_PNP [BA6FA228] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_CREATE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_CLOSE 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_INTERNAL_DEVICE_CONTROL 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_CLEANUP 89819690
Device \Driver\NetBT \Device\NetBT_Tcpip_{A9CEABE6-9768-4B64-8DCF-FBE5565FA345} IRP_MJ_PNP 89819690
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_CREATE 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_POWER 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1Port2Path0Target0Lun0 IRP_MJ_PNP 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_CREATE 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_CLOSE 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_DEVICE_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_POWER 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_SYSTEM_CONTROL 8A514980
Device \Driver\abee4x8x \Device\Scsi\abee4x8x1 IRP_MJ_PNP 8A514980
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 8A5371D8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 8A5371D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [B5C18756] DLAIFS_M.SYS
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 89511980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 89511980

---- Threads - GMER 1.0.12 ----

Thread 4:168 8A41C8E0
Thread 4:172 8A41C8E0
Thread 4:176 8A3F48D0
Thread 4:180 8A3F48D0
Thread 4:184 8A3F48D0
Thread 4:532 8A41C8E0
Thread 4:784 8A41C8E0
Thread 4:920 8A41C8E0

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-03-04 17:23:11
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxdev.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Internet Security 6.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
AWService /*AdminWorks Agent X6*/@ = "C:\Acer\Empowering Technology\admServ.exe"
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
EvtEng /*Intel(R) PROSet/Wireless Event Log*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Programmi\File comuni\LightScribe\LSSrvc.exe"
LVPrcSrv /*Logitech Process Monitor*/@ = c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\mcrdsvc.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
RegSrvc /*Intel(R) PROSet/Wireless Registry Service*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
Roxio Upnp Server 9 /*Roxio Upnp Server 9*/@ = "C:\Programmi\File comuni\Sonic Shared\RoxioUpnpService9.exe"
RoxLiveShare9 /*LiveShare P2P Server 9*/@ = "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
RoxWatch9 /*Roxio Hard Drive Watcher 9*/@ = "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
S24EventMonitor /*Intel(R) PROSet/Wireless Service*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@LaunchAppAlaunch = Alaunch
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@SkyTelSkyTel.EXE = SkyTel.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@AzMixerSelC:\Programmi\Realtek\InstallShield\AzMixerSel.exe = C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@ntiMUIC:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe = C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
@ /*file not found*/ = /*file not found*/
@ADMTray.exe"C:\Acer\Empowering Technology\admtray.exe" = "C:\Acer\Empowering Technology\admtray.exe"
@eDataSecurity LoaderC:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@MSPY2002C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@ePower_DMCC:\Acer\Empowering Technology\ePower\ePower_DMC.exe = C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
@Acer ePower ManagementC:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot /*file not found*/ = C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot /*file not found*/
@LManagerC:\PROGRA~1\LAUNCH~1\LManager.exe = C:\PROGRA~1\LAUNCH~1\LManager.exe
@eRecoveryServiceC:\Acer\Empowering Technology\eRecovery\Monitor.exe = C:\Acer\Empowering Technology\eRecovery\Monitor.exe
@LVCOMSXC:\WINDOWS\system32\LVCOMSX.EXE = C:\WINDOWS\system32\LVCOMSX.EXE
@LogitechCameraAssistantC:\Programmi\Acer\OrbiCam\CameraAssistant.exe = C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
@LogitechVideo[inspector]C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect = C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
@LogitechCameraService(E)C:\WINDOWS\system32\ElkCtrl.exe /automation = C:\WINDOWS\system32\ElkCtrl.exe /automation
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@DAEMON Tools"C:\Programmi\eMule\Incoming\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\eMule\Incoming\DAEMON Tools\daemon.exe" -lang 1033
@RoxWatchTray"C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" = "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
@DMXLauncher"C:\Programmi\Roxio\Media Experience\DMXLauncher.exe" = "C:\Programmi\Roxio\Media Experience\DMXLauncher.exe"
@RoxioDragToDisc"C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" = "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
@kis"C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@mlvshb.exeC:\WINDOWS\TEMP\mlvshb.exe /*file not found*/ = C:\WINDOWS\TEMP\mlvshb.exe /*file not found*/
@zihzda.exeC:\WINDOWS\TEMP\zihzda.exe /*file not found*/ = C:\WINDOWS\TEMP\zihzda.exe /*file not found*/
@ozxzta.exeC:\WINDOWS\TEMP\ozxzta.exe /*file not found*/ = C:\WINDOWS\TEMP\ozxzta.exe /*file not found*/
@lpzvgb.exeC:\WINDOWS\TEMP\lpzvgb.exe /*file not found*/ = C:\WINDOWS\TEMP\lpzvgb.exe /*file not found*/
@jzgtaa.exeC:\WINDOWS\TEMP\jzgtaa.exe /*file not found*/ = C:\WINDOWS\TEMP\jzgtaa.exe /*file not found*/
@txteba.exeC:\WINDOWS\TEMP\txteba.exe /*file not found*/ = C:\WINDOWS\TEMP\txteba.exe /*file not found*/
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@compaq-speed = "c:\windows\system32\compaq-speed.exe" /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} /*EPM-PO Shell Extension*/epm-po.dll = epm-po.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} /*IZArc DragDrop Menu*/C:\Programmi\IZArc\IZArcCM.dll = C:\Programmi\IZArc\IZArcCM.dll
@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} /*IZArc Shell Context Menu*/C:\Programmi\
albertozan
Junior Member

Posts: 22
Joined: 23/02/07 16:32

Post by Luke57 » 04/03/07 19:45

Hi, download AVENGER and unzip it to the desktop (extract the files onto the desktop)
http://swandog46.geekstogo.com/avenger.zip

- double-click to launch the file avenger.exe
- select "Input Script Manually"
- click the magnifying glass

- in the "View/edit script" window that opens
- copy / paste (Ctrl+V) the following:


registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mlvshb.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | zihzda.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | lpzvgb.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | jzgtaa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | txteba.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run |compaq-speed

folders to delete:
C:\WINDOWS\temp



- click the Done button
- then the traffic-light icon
- answer Yes
The PC should reboot (if it doesn't, reboot it yourself)
Post the log that will be created in C:\Avenger
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
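As an added example that is not part of this thread and is not Avenger's or Luke57's code: a PowerShell audit of the same autorun keys the script above edits. It lists every value under the HKLM/HKCU Run keys and the Policies\Explorer\Run key, resolves the executable path, and flags the two signals visible in the log earlier in the thread: the file no longer exists ("file not found") or it runs from a TEMP folder. It assumes an elevated PowerShell session on the affected machine; the "six-letter name" heuristic is an assumption drawn from the names in this log (mlvshb.exe, zihzda.exe, ...), not a general rule.

```powershell
# Added example (not from this thread, not part of Avenger): audit the autorun
# registry keys for entries that point at missing files or at a TEMP folder.
# Assumption: run in an elevated PowerShell session on the affected machine.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Properties that Get-ItemProperty adds itself, not registry values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Strip surrounding quotes and trailing arguments from a Run value so that
# only the executable path remains.
function Get-ExecutablePath {
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted command line: keep everything up to and including ".exe".
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

# User and system TEMP folders, normalised for a case-insensitive prefix test.
$tempDirs = @($env:TEMP, "$env:SystemRoot\Temp") |
    ForEach-Object { $_.TrimEnd('\').ToLower() }

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }
        $raw = [string]$p.Value
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $raw))
        $flags = @()
        if ([string]::IsNullOrWhiteSpace($exe)) {
            $flags += 'empty value'
        } else {
            if (-not (Test-Path -LiteralPath $exe)) { $flags += 'file not found' }
            foreach ($t in $tempDirs) {
                if ($exe.ToLower().StartsWith($t + '\')) { $flags += 'runs from TEMP' }
            }
        }
        # Assumption: the names in this thread's log are six random letters.
        if ($p.Name -match '^[a-z]{6}\.exe$') { $flags += 'six-letter name' }
        [pscustomobject]@{
            Key   = $key
            Name  = $p.Name
            Path  = $exe
            Flags = ($flags -join ', ')
        }
    }
}

# Flagged entries sort to the top; review them before deleting anything,
# since legitimate entries (see the CTFMON/Skype values in the log) also live here.
$results | Sort-Object Flags -Descending | Format-Table -AutoSize
```

Entries with an empty Flags column are the ordinary autoruns; anything marked "file not found" or "runs from TEMP" is what the Avenger script above removes, and the table gives you the exact key and value name to put in the "registry values to delete:" section.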

Post by albertozan » 04/03/07 23:40

Done, Luke:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hnerkpha

*******************

Script file located at: \??\C:\Documents and Settings\nb^sihfx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\WINDOWS\temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mlvshb.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zihzda.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|lpzvgb.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|jzgtaa.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|txteba.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|compaq-speed deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
albertozan
Junior Member

Posts: 22
Joined: 23/02/07 16:32
