| Author | Message |

| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 10 Mar 2007 19:36 |

 Hi everyone, and compliments on this wonderful forum. Really useful and well made.

 Unfortunately I found it because I think I have the same or a similar problem as kefes.

 Can you help me, friends?

 Let me explain my problem in full.

 I noticed that the PC was extremely slow and that the Spybot icon had suddenly changed to the one shown for an .exe file with no icon of its own....
 I got suspicious and decided to update AVG and run a full scan....
 I went to update (note that updating used to be automatic but had mysteriously switched to manual some time ago) and it would no longer update; it told me that to fix the problem it would be better to reinstall it....

 So I uninstalled it, downloaded version 7.5 dated 27/02/07 and started the installation, at which point it stopped and told me:
 Local machine: installation failed
 Installation:
 Error: Action failed for file avgamsvr.exe: creating file....
 No such file or directory

 ......

 In desperation I tried again and again, and so as not to be left unprotected I managed to install only AD-Aware, which in any case is not an antivirus......

 HELP, friends!!

 Let's not let the dark side win

 EDIT
 I can confirm that I cannot install any antivirus.
 A friend brought Norton over for me to try, and nothing.
	
| Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Roma |
| Posted: 11 Mar 2007 11:56 |

 Hi Templier, and welcome. If you like, drop by the "Caffe" to introduce yourself to the community!

 It would have been better to open a new topic, to avoid confusion..

 Have you already tried the TOOL mentioned above?

 Run that, then download GMER and post the result from the ROOTKIT tab.
	
| Smjert (Mature god) | Joined: 01/04/06 18:19 | Posts: 1619 | Location: Lost in the net |
| Posted: 11 Mar 2007 11:59 |

 Topic split
	
| Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Roma |
| Posted: 11 Mar 2007 12:59 |

 Ah, I forgot: in that tool, tick the "delete automatically" box. I also need the log from C:/InfoSat.txt, in addition to the GMER one.
	
| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 11 Mar 2007 13:25 |

 Test message, to be deleted
	
| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 11 Mar 2007 13:36 |

 Thank you for your support, with all my heart.
 I downloaded the tool and GMER, and these are the results:

 The EliBagle tool reported this:

 | Quote: | WINTEMS.EXE.VIR -> Bagle |

 GMER:

 | Quote: |
 GMER 1.0.12.12086 - http://www.gmer.net
 Rootkit scan 2007-03-11 12:21:50
 Windows 5.1.2600 Service Pack 2
 ---- System - GMER 1.0.12 ----

 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwCreateFile
 SSDT     sptd.sys    ZwCreateKey
 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwEnumerateKey
 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwEnumerateValueKey
 SSDT     sptd.sys    ZwOpenKey
 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwQueryDirectoryFile
 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwQueryKey
 SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwQuerySystemInformation
 SSDT     sptd.sys    ZwQueryValueKey
 SSDT     sptd.sys    ZwSetValueKey

 ---- Kernel code sections - GMER 1.0.12 ----

 ?        C:\WINDOWS\system32\drivers\sptd.sys    Impossibile accedere al file. Il file è utilizzato da un altro processo.
 ?        C:\WINDOWS\System32\Drivers\SPTD7005.SYS    Impossibile accedere al file. Il file è utilizzato da un altro processo.
 ?        C:\WINDOWS\System32\Drivers\dtscsi.sys    Impossibile accedere al file. Il file è utilizzato da un altro processo.

 ---- User code sections - GMER 1.0.12 ----
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LoadLibraryExW    7C801AF1 6 Bytes  JMP 5F070F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LoadLibraryA    7C801D77 6 Bytes  JMP 5F250F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LoadResource    7C809FB5 6 Bytes  JMP 5F1C0F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!GetProcAddress    7C80ADA0 6 Bytes  JMP 5F1F0F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LoadLibraryW    7C80AE4B 6 Bytes  JMP 5F220F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!FindResourceW    7C80BBCE 6 Bytes  JMP 5F130F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!SizeofResource    7C80BC69 6 Bytes  JMP 5F190F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!FindResourceA    7C80BE89 6 Bytes  JMP 5F160F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] kernel32.dll!SetUnhandledExceptionFilter    7C84479D 5 Bytes  JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] USER32.dll!DispatchMessageW    77D18A01 6 Bytes  JMP 5F100F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] USER32.dll!SetWindowLongW    77D1D62B 6 Bytes  JMP 5F0A0F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] USER32.dll!DestroyWindow    77D1DAEA 3 Bytes  [ FF, 25, 1E ]
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] USER32.dll!DestroyWindow + 4    77D1DAEE 2 Bytes  [ 0E, 5F ]
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] USER32.dll!CreateWindowExW    77D1FF50 6 Bytes  JMP 5F040F5A
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!send    71A3428A 5 Bytes  JMP 032648E8 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!recv    71A3615A 5 Bytes  JMP 032648A6 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!closesocket    71A39639 5 Bytes  JMP 03264408 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text    C:\Programmi\MSN Messenger\msnmsgr.exe[984] SHELL32.dll!Shell_NotifyIcon    7CA30C69 5 Bytes  JMP 03261163 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll

 ---- Processes - GMER 1.0.12 ----

 Process  C:\WINDOWS\system32\wintems.exe (*** hidden *** )    228

 ---- Registry - GMER 1.0.12 ----

 |
 
 As for the log from C:/

 | Quote: |
 Sat Mar 10 18:13:56 2007
 EliBagle v10.26  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
 C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
 C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
 C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
 Por favor, envienos una muestra del fichero
 C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.26
 a "virus@satinfo.es".  Gracias.
 C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
 Eliminada Carpeta "%WinDir%\exefld"
 Restaurada Clave: "SafeBoot\Minimal y Network"
 
 Sun Mar 11 11:33:23 2007
 EliBagle v10.26  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
 C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
 C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
 C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
 C:\DOCUMENTS AND SETTINGS\USER\DATI APPLICAZIONI\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
 C:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado
 Eliminada Carpeta "%WinDir%\exefld"
 Restaurada Clave: "SafeBoot\Minimal y Network"
 
 Sun Mar 11 11:33:27 2007
 EliBagle v10.26  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad C:\
 
 Sun Mar 11 12:02:03 2007
 EliBagle v10.26  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad C:\
 Exploración Detenida por el Usuario.
 | 
 
 
 I hope I did everything right.

 I had to cut some parts because the DEBUG would not let me post it (maybe too big).
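
 One way to triage a GMER report like the one in the post above, as an added example that is not part of the original thread: it groups SSDT hooks by the module that owns them and lists hidden processes. The function names and the rule that a hook owner with a full path outside \WINDOWS\system32\drivers is suspicious are assumptions of this example; the sample lines are copied from the posted log with the padding shortened.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER report posted above,
# with the column padding shortened.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwCreateFile
SSDT     sptd.sys    ZwCreateKey
SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwQueryDirectoryFile
SSDT     \??\C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys    ZwQuerySystemInformation
SSDT     sptd.sys    ZwOpenKey

---- Processes - GMER 1.0.12 ----

Process  C:\WINDOWS\system32\wintems.exe (*** hidden *** )    228
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# Module paths contain single spaces, so the function name is taken as the
# last whitespace-separated token on the line.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>\w+)$")
HIDDEN_RE = re.compile(
    r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)$")
DRIVER_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+$", re.I)

# Native calls whose results a hook can filter to conceal objects.
CONCEALS = {
    "ZwQueryDirectoryFile": "files in directory listings",
    "ZwQuerySystemInformation": "entries in the process list",
    "ZwEnumerateKey": "registry keys",
    "ZwEnumerateValueKey": "registry values",
}


def normalize(module):
    r"""Drop the \??\ prefix GMER prints in front of full driver paths."""
    return module[4:] if module.startswith("\\??\\") else module


def classify(module):
    """Return 'suspicious' for a hook owner outside the driver directory."""
    path = normalize(module)
    if "\\" not in path or DRIVER_DIR_RE.match(path):
        return "review"      # bare name or regular driver path: identify the vendor
    return "suspicious"      # e.g. a .sys file under a user profile folder


def triage(log_text):
    """Group SSDT hooks by owning module and collect hidden processes."""
    section = None
    hooks = {"suspicious": defaultdict(list), "review": defaultdict(list)}
    hidden = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
        elif section == "System":
            hit = SSDT_RE.match(line)
            if hit:
                module = hit.group("module")
                hooks[classify(module)][normalize(module)].append(hit.group("func"))
        elif section == "Processes":
            hit = HIDDEN_RE.match(line)
            if hit:
                hidden.append((hit.group("path"), int(hit.group("pid"))))
    return {"suspicious": dict(hooks["suspicious"]),
            "review": dict(hooks["review"]),
            "hidden_processes": hidden}


def summarize(result):
    """Turn a triage result into short findings for the helper to read."""
    lines = []
    for module, funcs in result["suspicious"].items():
        lines.append(f"SUSPICIOUS hook owner: {module} ({len(funcs)} hooks)")
        for func in funcs:
            if func in CONCEALS:
                lines.append(f"  {func}: can hide {CONCEALS[func]}")
    for module, funcs in result["review"].items():
        lines.append(f"REVIEW hook owner: {module} ({', '.join(funcs)})")
    for path, pid in result["hidden_processes"]:
        lines.append(f"HIDDEN process: {path} (PID {pid})")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

 On the sample, m_hook.sys under the user profile is reported as the suspicious hook owner, sptd.sys is left for review, and wintems.exe is listed as hidden.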
	
| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 11 Mar 2007 13:49 |

 The only anti-malware it lets me install/use is:
 Malware immunizer 1.3

 The files it does not let me immunize are:

 C:/WINDOWS\system32\aupdate.exe
  ISTbar C:/WINDOWS\avguard.exe
  Netsky Worm C:/WINDOWS\system32\update.exe
  Zotob Worm 
 Item infect
 
 c:\windows\system32\appis32.exe
 
 
 HELP

| Smjert (Mature god) | Joined: 01/04/06 18:19 | Posts: 1619 | Location: Lost in the net |
| Posted: 11 Mar 2007 14:46 |

 Try running it from Safe Mode.
 To get there:

 Restart the PC in Safe Mode (while it is counting the memory, listing the connected hard disks and so on, keep pressing F8 until a menu appears, then choose the mode with the arrow keys).
	
| Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Roma |
| Posted: 11 Mar 2007 15:22 |

 Hi.. did you run the GMER scan before or after using EliBagle?
 At the moment, it seems to be the only one that really works.

 See whether you need to re-enable the services stopped by Bagle:
 Open the list of Services (Start --> Run --> type SERVICES.MSC --> OK) and enable, where necessary, these disabled services:
 Alerter, Security Center, Automatic Updates, Network Connections, Wireless Zero Configuration and Windows Firewall/Internet Connection Sharing (ICS).
 (To start a service, right-click and go to Properties --> Automatic --> OK --> Start --> OK).

 Netsky is a close relative too...
 Also download HiJack, unpack it into a permanent folder and NOT on the desktop.
 Run it and choose "do a system scan and save a logfile".
 Post the contents of the .txt here.
	
| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 11 Mar 2007 16:04 |

 Great, Orange  8) You managed to get me at least the Firewall back  8)

 So:

 | Quote: | did you run the GMER scan before or after using EliBagle? |

 I ran it before, if I'm not mistaken.
 First I used GMER and then EliBagle.

 | Quote: | See whether you need to re-enable the services stopped by Bagle |

 Some were disabled, firewall included, but now they are all active except this entry:

 Wireless Zero Configuration: could not start the Wireless Zero Configuration service on Local Computer. Error 1068: The dependency service or group failed to start.

 | Quote: | Netsky is a close relative too... |

 Nice one...

 | Quote: | Also download HiJack, unpack it into a permanent folder and NOT on the desktop. Run it and choose "do a system scan and save a logfile". |

 Logfile of HijackThis v1.99.1
 Scan saved at 15.01.03, on 11/03/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\ATKKBService.exe
 C:\WINDOWS\system32\CTSvcCDA.EXE
 C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\Programmi\Canon\CAL\CALMAIN.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe
 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
 C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\DAEMON Tools\daemon.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\MSN Messenger\msnmsgr.exe
 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\SEC\MagicTune 2.5\GammaTray.exe
 C:\Programmi\VIA\RAID\raid_tool.exe
 C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\PROGRA~1\WINZIP\winzip32.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
 O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
 O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
 O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Programmi\BitDownload\TorrentManager.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
 O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
 O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
 O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Color Calibration.lnk = ?
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
 O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
 O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
 O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\User\Desktop\sdie.htm
 O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
 O8 - Extra context menu item: Scarica con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
 O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB}: NameServer = 212.216.125.2,212.216.112.112
 O17 - HKLM\System\CCS\Services\Tcpip\..\{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD}: NameServer = 213.205.36.70 213.205.32.70
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
 O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe (file missing)
 O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe (file missing)
 O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
 O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)
 
 
 | Quote: | Try running it from Safe Mode. |
 It won't let me get into Safe Mode.
 I follow the procedure you described, and once I choose Safe Mode and it is going into it (with the on-screen text and all), poof, it restarts and XP comes back up in normal mode. I don't know whether it's the work of the malware, but I have my suspicions.

| Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Roma |
| Posted: 11 Mar 2007 17:28 |

 Could you also post the updated GMER log?
	
| Templier (Devoted mortal) | Joined: 10/03/07 19:23 | Posts: 10 |
| Posted: 11 Mar 2007 18:22 |

 Here it is  8) Fresh as can be  8)
 GMER 1.0.12.12086 - http://www.gmer.net
 Rootkit scan 2007-03-11 17:20:35
 Windows 5.1.2600 Service Pack 2
 
 
 ---- System - GMER 1.0.12 ----
 
 SSDT    sptd.sys                                                                                                                   ZwCreateKey
 SSDT    sptd.sys                                                                                                                   ZwEnumerateKey
 SSDT    sptd.sys                                                                                                                   ZwEnumerateValueKey
 SSDT    sptd.sys                                                                                                                   ZwOpenKey
 SSDT    sptd.sys                                                                                                                   ZwQueryKey
 SSDT    sptd.sys                                                                                                                   ZwQueryValueKey
 SSDT    sptd.sys                                                                                                                   ZwSetValueKey
 
 ---- Kernel code sections - GMER 1.0.12 ----
 
 ?       C:\WINDOWS\system32\drivers\sptd.sys                                                                                       Impossibile accedere al file. Il file è utilizzato da un altro processo.
 ?       C:\WINDOWS\System32\Drivers\SPTD7005.SYS                                                                                   Impossibile accedere al file. Il file è utilizzato da un altro processo.
 ?       C:\WINDOWS\System32\Drivers\dtscsi.sys                                                                                     Impossibile accedere al file. Il file è utilizzato da un altro processo.
 
 ---- User code sections - GMER 1.0.12 ----
 
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryExW                                                   7C801AF1 6 Bytes  JMP 5F070F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryA                                                     7C801D77 6 Bytes  JMP 5F250F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadResource                                                     7C809FB5 6 Bytes  JMP 5F1C0F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!GetProcAddress                                                   7C80ADA0 6 Bytes  JMP 5F1F0F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryW                                                     7C80AE4B 6 Bytes  JMP 5F220F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!FindResourceW                                                    7C80BBCE 6 Bytes  JMP 5F130F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!SizeofResource                                                   7C80BC69 6 Bytes  JMP 5F190F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!FindResourceA                                                    7C80BE89 6 Bytes  JMP 5F160F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!SetUnhandledExceptionFilter                                      7C84479D 5 Bytes  JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DispatchMessageW                                                   77D18A01 6 Bytes  JMP 5F100F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!SetWindowLongW                                                     77D1D62B 6 Bytes  JMP 5F0A0F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DestroyWindow                                                      77D1DAEA 3 Bytes  [ FF, 25, 1E ]
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DestroyWindow + 4                                                  77D1DAEE 2 Bytes  [ 0E, 5F ]
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!CreateWindowExW                                                    77D1FF50 6 Bytes  JMP 5F040F5A
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!send                                                               71A3428A 5 Bytes  JMP 033748E8 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!recv                                                               71A3615A 5 Bytes  JMP 033748A6 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!closesocket                                                        71A39639 5 Bytes  JMP 03374408 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 .text   C:\Programmi\MSN Messenger\msnmsgr.exe[1592] SHELL32.dll!Shell_NotifyIcon                                                  7CA30C79 5 Bytes  JMP 03371163 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
 
 ---- Devices - GMER 1.0.12 ----
 
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                                                       86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                                                        86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                                         86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                                                        86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                                                            86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                                              86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                                                     86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                                                       86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                                                86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                                                     86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                                                       86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                                                            86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                                                          86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                                               86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                                                     86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                                                 86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                                                      86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                                               86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                                                 86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                                                  86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                                                    86F96688
 Device  \FileSystem\Ntfs \Ntfs IRP_MJ_PNP                                                                                          86F96688
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE                                                                    86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE                                                                     86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ                                                                      86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE                                                                     86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS                                                             86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL                                                            86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL                                                   86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN                                                                  86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER                                                                     86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL                                                            86F960E8
 Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP                                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE                                                                      86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE                                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ                                                                        86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE                                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS                                                               86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL                                                              86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL                                                     86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN                                                                    86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER                                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL                                                              86F960E8
 Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP                                                                         86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE                                                                         86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE                                                                          86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ                                                                           86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE                                                                          86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS                                                                  86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL                                                                 86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL                                                        86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN                                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER                                                                          86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL                                                                 86F960E8
 Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP                                                                            86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE                                                                        86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE                                                                         86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ                                                                          86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE                                                                         86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS                                                                 86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL                                                                86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL                                                       86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN                                                                      86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER                                                                         86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL                                                                86F960E8
 Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP                                                                           86F960E8
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE                                                                       86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ                                                                         86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE                                                                        86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS                                                                86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL                                                               86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                      86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN                                                                     86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP                                                                      86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER                                                                        86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL                                                               86FE0260
 Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP                                                                          86FE0260
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                                                 86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                                                   86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                                                          86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                                               86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP                                                                                    86F685F0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE                                                                             85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE                                                                  85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE                                                                              85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ                                                                               85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE                                                                              85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION                                                                  85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION                                                                    85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA                                                                           85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA                                                                             85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS                                                                      85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION                                                           85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION                                                             85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL                                                                  85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL                                                                85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL                                                                     85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL                                                            85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN                                                                           85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL                                                                       85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP                                                                            85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT                                                                    85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY                                                                     85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY                                                                       85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER                                                                              85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL                                                                     85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE                                                                      85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA                                                                        85BFA7B0
 Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA                                                                          85BFA7B0
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CREATE                                     85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CLOSE                                      85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_DEVICE_CONTROL                             85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_INTERNAL_DEVICE_CONTROL                    85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CLEANUP                                    85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_PNP                                        85C880E8
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE                                                                                 86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ                                                                                   86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS                                                                          86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN                                                                               86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP                                                                                    86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE                                                                                 86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ                                                                                   86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS                                                                          86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN                                                                               86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER                                                                                  86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL                                                                         86F685F0
 Device  \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP                                                                                    86F685F0
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CREATE                                     85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CLOSE                                      85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_DEVICE_CONTROL                             85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_INTERNAL_DEVICE_CONTROL                    85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CLEANUP                                    85C880E8
 Device  \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_PNP                                        85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE                                                                      85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE                                                                       85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL                                                              85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL                                                     85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP                                                                     85C880E8
 Device  \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP                                                                         85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE                                                                             85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE                                                                              85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL                                                                     85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL                                                            85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP                                                                            85C880E8
 Device  \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP                                                                                85C880E8
 Device  \Driver\00000050 \Device\0000004e IRP_MJ_POWER                                                                             [F739FA26] sptd.sys
 Device  \Driver\00000050 \Device\0000004e IRP_MJ_SYSTEM_CONTROL                                                                    [F73B3BD8] sptd.sys
 Device  \Driver\00000050 \Device\0000004e IRP_MJ_PNP                                                                               [F73AC54E] sptd.sys
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE                                                                           86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE                                                                            86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ                                                                             86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE                                                                            86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS                                                                    86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL                                                                   86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                          86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN                                                                         86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER                                                                            86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL                                                                   86F968C0
 Device  \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP                                                                              86F968C0
 Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE                                                            85C818E0
 
 ---- Registry - GMER 1.0.12 ----
 
 Reg     \Registry\USER\S-1-5-21-1390067357-2049760794-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@??  0xE8 0x1E 0x40 0xF2 ...
 Reg     \Registry\USER\S-1-5-21-1390067357-2049760794-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@??  0x3A 0xDC 0xDC 0x56 ...
 
 ---- EOF - GMER 1.0.12 ----
 |  | 
	
	
		| Orange Mature God
 
  
 
 Joined: 18/02/07 13:20
 Posts: 2224
 Location: Roma
 
 | 
			
				|  Posted: 11 Mar 2007 22:22    Subject: |   |  
				| 
 |  
				| The good news is that Bagle is gone! 
 For Netsky, use this removal TOOL
 this other TOOL is for ISTbar
 and, just to stay with Symantec, download THIS to remove Zotob..
 
 
 Turn off System Restore.
 Disconnected from the internet and with all applications closed, run the tools. Save the logs.
 Download, install and update VirIT
 and have it run a scan.
 
 From Start / Run, type regedit
 go to the following keys
 HKLM/software/Microsoft/Windows/Current Version/Run
 HKLM/software/Microsoft/Windows/Current Version/RunService
 find the values
 "Windows System"="botzor.exe"
 "ICQ NET" = "%Windir%\winlogon.exe -stealth"
 and if they are there, delete them
 
 also delete these subkeys (if they exist)
 HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar
 HKEY_CURRENT_USER\Software\ISTbar
 HKEY_CURRENT_USER\Software\IST
 
 Do a general clean-up with CCleaner.
 At the end, post the results of the 3 tools, the VirIT log and a new HiJack log.
 |  | 
	
	
		| Templier Devoted Mortal
 
  
  
 Joined: 10/03/07 19:23
 Posts: 10
 
 
 | 
			
				|  Posted: 12 Mar 2007 01:52    Subject: |   |  
				| 
 |  
				| Let me start by saying that I followed the procedure to the letter  8) 
 
  TOOL Netsky 
 Symantec W32.Netsky FixTool 1.12.0
 
 
 C:\System Volume Information: (not scanned)
 W32.Netsky has not been found on your computer.
 
 
 TOOL ISTbar 
 Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0
 
 
 registry: HKEY_USERS\S-1-5-21-1390067357-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
 registry: HKEY_USERS\S-1-5-21-1390067357-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Search: SearchAssistant (value deleted)
 
 C:\System Volume Information: (not scanned)
 Adware.Istbar has not been found on your computer.
 
 
 TOOL Zotob 
 Symantec W32.Zotob.[A-G,I,J] Removal Tool 1.8.0
 
 W32.Zotob has not been found on your computer.
 
 
 VirIT SCAN (this antivirus is a blast, way better than AVG) 
 11/03/2007 - 23:54:03
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Documents and Settings\All Users\Dati applicazioni\Dash Idle Flap Drv\Loud 2.exe Infetto da Trojan.Win32.Swizzor.AK
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\User\Dati applicazioni\itchaxisnurb\vnffneqt.exe Infetto da Trojan.Win32.Swizzor.AK
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\User\Dati applicazioni\ScaricaMP3[1].exe Infetto da Trojan.Win32.Dialer.HM
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\User\Dati applicazioni\ScaricaMP3[2].exe Infetto da Trojan.Win32.Dialer.HM
 * * *  RIMOSSO  * * *
 C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.26 Infetto da Trojan.Win32.Mitglieder.AU
 * * *  RIMOSSO  * * *
 C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02(1).ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
 * * *  RIMOSSO  * * *
 C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02(2).ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
 * * *  RIMOSSO  * * *
 C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02.ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
 * * *  RIMOSSO  * * *
 C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll Infetto da BHO.Softomate.D
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\WINTEMS.EXE.VIR Infetto da I-WORM.Beagle.DH
 * * *  RIMOSSO  * * *
 
 Chiavi Registro infette: 0.
 Files Infetti: 10.
 Files Sospetti: 0.
 Files Analizzati: 157743.
 Files Totali: 157743.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 10.
 
 
 Brand-new HijackThis LOGFILE   
 Logfile of HijackThis v1.99.1
 Scan saved at 0.51.18, on 12/03/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\ATKKBService.exe
 C:\WINDOWS\system32\CTSvcCDA.EXE
 C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\Programmi\Canon\CAL\CALMAIN.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe
 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
 C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\DAEMON Tools\daemon.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\MSN Messenger\msnmsgr.exe
 C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
 C:\Programmi\SEC\MagicTune 2.5\GammaTray.exe
 C:\Programmi\VIA\RAID\raid_tool.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\VEXPLITE\viritexp.exe
 C:\WINDOWS\regedit.exe
 C:\WINDOWS\system32\NOTEPAD.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\WINDOWS\system32\NOTEPAD.exe
 C:\WINDOWS\system32\NOTEPAD.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
 O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
 O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
 O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
 O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
 O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Color Calibration.lnk = ?
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
 O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
 O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
 O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
 O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\User\Desktop\sdie.htm
 O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
 O8 - Extra context menu item: Scarica con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
 O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB}: NameServer = 212.216.125.2,212.216.112.112
 O17 - HKLM\System\CCS\Services\Tcpip\..\{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD}: NameServer = 213.205.36.70 213.205.32.70
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
 O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe (file missing)
 O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe (file missing)
 O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
 O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 |  | 
	
	
		| Templier Devoted Mortal
 
  
  
 Joined: 10/03/07 19:23
 Posts: 10
 
 
 | 
			
				|  Posted: 12 Mar 2007 01:59    Subject: |   |  
				| 
 |  
				| As for the keys in regedit, I found absolutely nothing   
 What can you tell me from reading the various reports?
 
 From what I understand, VirIT did a super job, also finding other things that we had not seen before
   I was surprised by its efficiency and thoroughness when scanning
   Too bad that, from what I understand, it is a 30-day trial version
     I think the AVG I was using plus the Windows Firewall gave me too little coverage
   Tell me everything, Orange, and thanks again for everything you are doing for me
      |  | 
	
	
		| Orange Mature God
 
  
 
 Joined: 18/02/07 13:20
 Posts: 2224
 Location: Roma
 
 | 
			
				|  Posted: 12 Mar 2007 09:20    Subject: |   |  
				| 
 |  
				| Hi. Indeed, VirIT found quite a few other things...
 
 
 Can you get into safe mode now?
 Launch HiJack from safe mode,
 press "do a system scan only",
 tick the following entries and press "fix checked"
 
 O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
 
 
 Did you manage to install the antivirus programs?
 Which version of AVG do you use? If it is a free version, I would advise you to replace it with AntivirPE or Avast (still staying with free ones). Change the firewall too, if you use the Windows one.
 To be sure nothing else has been missed, run the online scan with Kaspersky and post the result here.
 |  | 
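A triage aid for the kind of selection made in the post above, as an added example that is not part of the original thread: it parses HijackThis log lines and lists every entry whose target is marked `(file missing)` or `(no file)`, then shows which CLSIDs recur across those entries. The input is an excerpt of the log posted earlier; the function names are assumptions of this example, and the output is a review list (it flags more entries than the three ticked in the post), not a fix list.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (lines copied
# verbatim; most healthy entries are omitted for brevity).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."; header lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis appends when the referenced file is absent.
STATUS_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")


def parse_entries(text):
    """Return [{'code': 'O2', 'body': '...'}, ...] for every log entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append({"code": match.group(1), "body": match.group(2)})
    return entries


def find_orphans(entries):
    """Entries that still exist in the registry but point at an absent file."""
    orphans = []
    for entry in entries:
        status = STATUS_RE.search(entry["body"])
        if not status:
            continue
        rest = entry["body"][: status.start()]
        clsid = CLSID_RE.search(rest)
        # "(no file)" entries carry no path at all; otherwise the path is the
        # last " - "-separated field.
        if status.group(1) == "no file":
            target = None
        else:
            target = rest.rsplit(" - ", 1)[-1].strip()
        orphans.append({
            "code": entry["code"],
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": target,
            "status": status.group(1),
        })
    return orphans


def shared_clsids(orphans):
    """CLSIDs seen in more than one orphaned entry (same leftover component)."""
    by_clsid = {}
    for orphan in orphans:
        if orphan["clsid"]:
            by_clsid.setdefault(orphan["clsid"], []).append(orphan["code"])
    return {c: codes for c, codes in by_clsid.items() if len(codes) > 1}


if __name__ == "__main__":
    found = find_orphans(parse_entries(SAMPLE_LOG))
    for o in found:
        print(f"{o['code']:<4}{o['status']:<13}{o['clsid'] or '-':<40}{o['target'] or '-'}")
    for clsid, codes in shared_clsids(found).items():
        print(f"{clsid} appears in sections {', '.join(codes)}")
```

On this excerpt the SweetIM CLSID shows up under both R3 and O3, pointing at the `toolbar.dll` that the VirIT scan above reports as removed.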
	
	
		|  |