Spyware Amaena

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Navarre_81 » 16/04/07 18:13

I also ran the Avenger procedure that Luke57 described a few posts ago, and this is the result:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lwkvcksu

*******************

Script file located at: \??\C:\Program Files\dbiokeme.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\toqtcqrh.old not found!
Deletion of file c:\windows\system32\toqtcqrh.old failed!

Could not process line:
c:\windows\system32\toqtcqrh.old
Status: 0xc0000034



File C:\WINDOWS\TEMP\lhefaa.exe not found!
Deletion of file C:\WINDOWS\TEMP\lhefaa.exe failed!

Could not process line:
C:\WINDOWS\TEMP\lhefaa.exe
Status: 0xc0000034

File C:\WINDOWS\svchost.exe deleted successfully.
File c:\windows\system32\lsatirxn.exe deleted successfully.


Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image file execution options\explorer.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image file execution options\explorer.exe failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|lsatirxn deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|lhefaa.exe
Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|lhefaa.exe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

What's more, I'd like to point out that yet another problem has cropped up: the Internet connection is very unstable and it is very hard to open any page. Could this be related to this line of the HijackThis log?
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
In safe mode with networking, however, the Internet is fine and pages open perfectly on the first try; only page scrolling is a bit slow, but I think that's normal.
How can I fix this problem, along with all the others?
Oh, for the record, I use Fastweb.
Thanks.
Navarre_81
Junior User

Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo


Post by Luke57 » 17/04/07 08:32

Hi, download Lspfix:
http://www.xdownload.it/go.asp?idl=2273
and keep it aside.
Open HijackThis, press "do a system scan only", then find and tick the following entry:
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
press fix checked
Run Lspfix:
if on the left, along with other entries, the following appears:
'rsvp32_2.dll'
move it to the right-hand side of the program and remove it by pressing finish
Do not do anything else with the other entries.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Navarre_81 » 17/04/07 15:12

Did everything to the letter, but expl. still hangs.
Anyway, I noticed that in safe mode it doesn't work perfectly, as I had written above, but it "disconnects" on me after about 3/4 of an hour.
Navarre_81
Junior User

Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo

Post by Navarre_81 » 17/04/07 15:51

So, here's an update:
after running WinsockXPFix (as Luke57 recommended to another user with a similar problem) it SEEMS the Internet works well. I say "seems" because I can never use it for more than 20-25 minutes, since the PC reboots by itself.
It's a problem I had already run into a few days ago, but I thought that by doing everything you told me to do it would resolve itself, but instead...
Basically, at every startup the PC stays on for a while, and sometimes it reboots right after loading the desktop.
I'm posting an updated HijackThis log, but it looks fairly clean to me:

Logfile of HijackThis v1.99.1
Scan saved at 16.52.04, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Steam\Steam.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Simone\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmi\Steam\Steam.exe" -silent
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2950907968
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch5v.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Good grief, what an odyssey!!!
What do I do now?
Navarre_81
Junior User

Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo
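
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it flags a non-empty O20 AppInit_DLLs value, an O10 broken LSP chain, entries marked "(file missing)", services with an unknown owner, and a core Windows process name running from outside system32. The rule set, severity labels and function names are assumptions made for this example, and the sample log is constructed from lines in the thread's format.

```python
import ntpath
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on lines in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch5v.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Image names that normally run only from system32 (assumed list for this example).
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")        # e.g. "O20 - AppInit_DLLs: ..."
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


def triage(log_text):
    """Return (severity, rule, detail) tuples in the order they appear in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and line and not entry:
            # A core system image name outside system32 is a masquerading signal.
            name = ntpath.basename(line).lower()
            folder = ntpath.dirname(line).lower()
            if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                findings.append(("high", "system_name_outside_system32", line))
            continue
        in_processes = False  # a blank line or the first entry ends the process list
        if not entry:
            continue
        code, body = entry.groups()
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(("high", "appinit_dll", dlls))
        elif code == "O10" and (m := LSP_RE.search(body)):
            # A missing provider breaks the Winsock LSP chain and with it connectivity.
            findings.append(("medium", "broken_lsp", m.group(1)))
        elif body.endswith("(file missing)"):
            # Registration left behind after the file was removed.
            findings.append(("low", "orphaned_entry", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Common for legitimate drivers too, hence only a low-severity prompt.
            findings.append(("low", "unknown_owner_service", body))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"{severity:6} {rule:30} {detail}")
```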

Post by Luke57 » 17/04/07 18:04

Hi, download SystemScan (a diagnostic tool)
http://www.suspectfile.com/systemscan
save it to the desktop, disable the antivirus, open SystemScan and make sure all the options are ticked, then click "Scan Now".
When the scan finishes (from a few minutes to 20-30 minutes), the file report.txt will be written to C:\suspectfile.
Since it is very long, it won't fit in a post.
Go to
http://www.easy-share.com and upload the file
(Do it like this: click Browse, locate the file C:\suspectfile\report.txt, press Upload) and in your next reply, in a post here on the forum, write the URL you will be given to download it (you will also be given the link to delete the file; don't give me that one).
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Navarre_81 » 17/04/07 22:16

Here is the link:
http://w13.easy-share.com/1006736.html

The Internet connection is unstable again!
Navarre_81
Junior User

Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo

Post by Luke57 » 18/04/07 08:41

Hi, you have several infections; download this tool:
http://www.uploads.ejvindh.net/rustbfix.exe

and run it on the computer.

Then run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 1

Folders to delete:
C:\windows\temp

Files to delete:
C:\WINDOWS\systpro32.exe
C:\WINDOWS\winhp32.exe
C:\WINDOWS\systempro32.dll
C:\WINDOWS\msscds32.dll
C:\WINDOWS\winmoprp.dll
C:\WINDOWS\services.exe
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\cent.exe
C:\WINDOWS\system32\zup.exe.exe
C:\WINDOWS\system32\pdp.exe.exe
C:\WINDOWS\system32\win_87s.exe
C:\WINDOWS\system32\3ti.exe
C:\WINDOWS\system32\svch5v.dll
C:\WINDOWS\system32\3ti.exe.exe
C:\WINDOWS\system32\pkja.exe
C:\WINDOWS\system32\sysbus2.sys




Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually


The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the outcome of the script.



Then open the system registry:
start>run>regedit>OK
Clicking the + sign next to each entry, follow this path:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Click on this last folder and, if you find this entry on the right-hand side,
SYSTEM"="C:\WINDOWS\svchost.exe"
right-click on it and choose Delete.

Also download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and run gmer.exe with all other applications closed.
To enter Advanced mode press the >>>> tab. Then choose the Rootkit tab, also tick the ADS box, and run a full Scan. When it finishes, click Copy and paste the report into a text file. Then paste the contents of the report into a post.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
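
One way to check an Avenger result log against the script that produced it, relevant both to the first log in this thread (several `Status: 0xc0000034` failures) and to the script above; this is an added example, not part of the original posts or of Avenger itself. The function names and outcome labels are assumptions, the script and log samples are constructed in the format shown in the thread, and 0xc0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re

# Constructed script, in the section format used in the thread.
SAMPLE_SCRIPT = r"""
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\system32\svch5v.dll
C:\WINDOWS\TEMP\lhefaa.exe
C:\WINDOWS\system32\sysbus2.sys
"""

# Constructed log, in the Avenger version 1 format shown in the thread.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\svch5v.dll deleted successfully.

File C:\WINDOWS\TEMP\lhefaa.exe not found!
Deletion of file C:\WINDOWS\TEMP\lhefaa.exe failed!

Could not process line:
C:\WINDOWS\TEMP\lhefaa.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
"""

STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

OK_RE = re.compile(r"^(?:File|Folder|Registry value|Registry key) (.+) "
                   r"(?:deleted|replaced with dummy) successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (?:file|folder|registry value|registry key) "
                     r"(.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def norm(target):
    """Case-fold and drop the spaces around '|' so script and log forms compare equal."""
    return re.sub(r"\s*\|\s*", "|", target.strip()).lower()


def script_targets(script_text):
    """Every non-blank script line that is not a section header ('... to delete:')."""
    targets = []
    for line in script_text.splitlines():
        line = line.strip()
        if not line or (line.endswith(":") and "\\" not in line):
            continue
        targets.append(norm(line))
    return targets


def log_outcomes(log_text):
    """Map each target named in the log to 'ok', 'not_found' or 'failed[:status]'."""
    outcomes = {}
    last_failed = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            outcomes[norm(m.group(1))] = "ok"
            last_failed = None
        elif m := FAIL_RE.match(line):
            last_failed = norm(m.group(1))
            outcomes[last_failed] = "failed"
        elif (m := STATUS_RE.match(line)) and last_failed:
            # The Status line belongs to the most recent failed operation.
            code = int(m.group(1), 16)
            if code == STATUS_OBJECT_NAME_NOT_FOUND:
                # The object was not there when the driver ran: nothing was removed.
                outcomes[last_failed] = "not_found"
            else:
                outcomes[last_failed] = f"failed:{code:#010x}"
            last_failed = None
    return outcomes


def reconcile(script_text, log_text):
    """Outcome per script target; 'unconfirmed' means the log never mentions it."""
    seen = log_outcomes(log_text)
    return {t: seen.get(t, "unconfirmed") for t in script_targets(script_text)}


if __name__ == "__main__":
    for target, outcome in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{outcome:12} {target}")
```

Targets reported as `not_found` or `unconfirmed` are the ones to re-check in the next scan, since the log gives no evidence that anything was actually removed for them.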

Post by Navarre_81 » 18/04/07 13:57

Done.
This is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fykrdkw^

*******************

Script file located at: \??\C:\Documents and Settings\tcsfdbrw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\windows\temp deleted successfully.
File C:\WINDOWS\systpro32.exe deleted successfully.
File C:\WINDOWS\winhp32.exe deleted successfully.
File C:\WINDOWS\systempro32.dll deleted successfully.
File C:\WINDOWS\msscds32.dll deleted successfully.
File C:\WINDOWS\winmoprp.dll deleted successfully.
File C:\WINDOWS\services.exe deleted successfully.
File C:\WINDOWS\system32\wincom32.sys deleted successfully.
File C:\WINDOWS\system32\sfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtwbmail.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtsmtspm.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtgtal.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmticq.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtaim.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtforum.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtwbmail.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtymsg.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmtspm.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtforum.dll deleted successfully.
File C:\WINDOWS\system32\cent.exe deleted successfully.
File C:\WINDOWS\system32\zup.exe.exe deleted successfully.
File C:\WINDOWS\system32\pdp.exe.exe deleted successfully.
File C:\WINDOWS\system32\win_87s.exe deleted successfully.
File C:\WINDOWS\system32\3ti.exe deleted successfully.
File C:\WINDOWS\system32\svch5v.dll deleted successfully.
File C:\WINDOWS\system32\3ti.exe.exe deleted successfully.
File C:\WINDOWS\system32\pkja.exe deleted successfully.
File C:\WINDOWS\system32\sysbus2.sys deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|1 deleted successfully.

Completed script processing.

*******************

....and this is the Gmer one:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-18 14:50:59
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

? mpbkohbf.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981D1D C:\PROGRA~1\DVDIDL~1\DVDShell.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86740290
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85FE0438
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E26D0A30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E26D0A30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E26D0A30
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85FFCD20
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 85F77008
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E14EEC18
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E14EEC18
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E14EEC18
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85EFA7C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86297F20
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86297F20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 860B4B50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 860B3FB0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AE8661] prosync1.sys
Device \Driver\SI3132 \Device\Scsi\SI31321 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AE8661] prosync1.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85FE0438
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 862009D0

---- Modules - GMER 1.0.12 ----

Module _________ F743D000-F7455000 (98304 bytes)

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32\windev-2eb6-1448.sys (*** hidden *** ) [AUTO] windev-2eb6-1448 <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000\Control@ActiveService windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448\Enum@0 Root\LEGACY_WINDEV-2EB6-1448\0000
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000\Control@ActiveService windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448\Enum@0 Root\LEGACY_WINDEV-2EB6-1448\0000
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\system32\windev-2eb6-1448.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\windev-peers.ini

---- EOF - GMER 1.0.12 ----


If there is anything else to do I'll wait for the next instructions; in the meantime I'll see how the PC behaves.
Navarre_81
Junior User
 
Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo

Post by Luke57 » 18/04/07 14:33

Hi, run Avenger again with this script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

files to delete:
C:\WINDOWS\system32\windev-2eb6-1448.sys
C:\WINDOWS\system32\windev-peers.ini

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448
HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448
\hklmSYSTEM\ControlSet001\Services\windev-2eb6-1448
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by Navarre_81 » 18/04/07 16:02

Done, but it can't delete everything:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: \hklmSYSTEM\ControlSet001\Services\windev-2eb6-1448


Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qifrqpsh

*******************

Script file located at: \??\C:\Program Files\fvfmcwno.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\windev-2eb6-1448.sys deleted successfully.
File C:\WINDOWS\system32\windev-peers.ini deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448 deleted successfully.
Registry key HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cqpryuls

*******************

Script file located at: \??\C:\WINDOWS\system32\uvnsveuc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\windev-2eb6-1448.sys not found!
Deletion of file C:\WINDOWS\system32\windev-2eb6-1448.sys failed!

Could not process line:
C:\WINDOWS\system32\windev-2eb6-1448.sys
Status: 0xc0000034



File C:\WINDOWS\system32\windev-peers.ini not found!
Deletion of file C:\WINDOWS\system32\windev-peers.ini failed!

Could not process line:
C:\WINDOWS\system32\windev-peers.ini
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448
Status: 0xc0000034



Registry key HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448 not found!
Deletion of registry key HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448 failed!

Could not process line:
HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
Navarre_81
Junior User
 
Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo
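
An added example, not part of the original posts: one way to read the logs above is to reconcile every path in the script against what the pre-processor and the driver reported for it. The section names and log wording are taken from the posts; the function names are hypothetical, and the embedded script and log are shortened excerpts of those posts.

```python
import re

# Excerpts of the script and logs posted above, shortened for the example.
SCRIPT = r"""files to delete:
C:\WINDOWS\system32\windev-2eb6-1448.sys
C:\WINDOWS\system32\windev-peers.ini

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448
HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448
\hklmSYSTEM\ControlSet001\Services\windev-2eb6-1448
"""

LOG = r"""Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: \hklmSYSTEM\ControlSet001\Services\windev-2eb6-1448

File C:\WINDOWS\system32\windev-2eb6-1448.sys deleted successfully.
File C:\WINDOWS\system32\windev-peers.ini deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448 deleted successfully.
Registry key HKLM\SYSTEM\ControlSet002\Services\windev-2eb6-1448 deleted successfully.

File C:\WINDOWS\system32\windev-2eb6-1448.sys not found!
Deletion of file C:\WINDOWS\system32\windev-2eb6-1448.sys failed!
Status: 0xc0000034
"""

SECTION = re.compile(r"^(files|registry keys) to delete:$", re.I)
PATTERNS = (  # ordered by priority: a deletion in any run outranks the rest
    ("deleted", re.compile(r"^(?:File|Registry key) (.+) deleted successfully\.$")),
    ("ignored", re.compile(r"^Line: (.+)$")),  # pre-processor rejected the line
    ("not found", re.compile(r"^(?:File|Registry key) (.+) not found!$")),
)


def script_targets(script):
    """Return the paths listed under the script's deletion sections."""
    targets, active = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith(":"):          # a section header starts or ends a list
            active = bool(SECTION.match(line))
        elif line and active:
            targets.append(line)
    return targets


def reconcile(script, log):
    """Map each script target to the strongest status found in the logs."""
    seen = {}
    for raw in log.splitlines():
        for status, pattern in PATTERNS:
            match = pattern.match(raw.strip())
            if match:
                seen.setdefault(match.group(1).lower(), set()).add(status)
    report = {}
    for target in script_targets(script):
        found = seen.get(target.lower(), set())
        report[target] = next((s for s, _ in PATTERNS if s in found), "no log entry")
    return report


def unresolved(script, log):
    """Targets that no run reported as deleted and that need a manual check."""
    return [t for t, s in reconcile(script, log).items() if s != "deleted"]


if __name__ == "__main__":
    for target, status in reconcile(SCRIPT, LOG).items():
        print(f"{status:12} {target}")
```

A "not found" entry with status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) in a later run counts as deleted when an earlier run removed the same path; a line rejected by the pre-processor was never attempted at all.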

Post by Luke57 » 18/04/07 21:19

Hi, it deleted all the entries. Run a new scan with GMER in the rootkit section.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by Navarre_81 » 20/04/07 00:04

Well... I left it on for several hours and it gave me no problems.
Let's hope it stays that way!
Look, I'm infinitely grateful for the help you've given me, I'm speechless!
One last thing: could you recommend what to install to prevent these "disasters", in terms of antivirus, antispyware, anti-this and anti-that?
What, in your opinion, would be an ideal setup?
Keep in mind that I'd need them to be, if possible, not too heavy and easy to use. Paid ones are fine too.
Oh, not ZoneAlarm, I had a bad experience with it!

Thanks again for the help! :)
Navarre_81
Junior User
 
Posts: 18
Joined: 04/04/07 17:03
Location: Sassuolo
