Scotch (Hero)
Registered: 22/09/06 10:51 Posts: 47
Posted: 28 Sep 2006 21:24 Subject: Suspicious file
Hi, unfortunately after the Clicker here I am again..
Opening Task Manager I noticed a suspicious file, which I don't think was there in the past few days.
The file in question is one fkcc1.exe and its path is C/WINDOWS/TEMP/fkcc1.exe
I'm posting a log to be safe:
Logfile of HijackThis v1.99.1
Scan saved at 21.23.37, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\TEMP\fkcc1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Documents and Settings\Proprietario\Documenti\Lancio Programmi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: tkwebl.exe
O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{602AAC4C-6568-4BC9-B55C-E36394EFF4B5}: NameServer = 85.37.17.6 85.38.28.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NetZqm - Unknown owner - \\?\C:\Programmi\Windows NT\com4.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SecEti - Unknown owner - \\?\C:\Programmi\Windows NT\lpt8.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
So, what should I do? Thanks a lot in advance!
Smjert (Mature God)
Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 28 Sep 2006 22:00
Uh oh, I think you've picked up Link Optimizer.
So download Avenger, unpack it to the Desktop and leave it there for now.
Download this Link Optimizer removal tool, run it, press Start and wait for it to finish.
Open HijackThis and, with all applications and windows closed, press Do a system scan only, tick these entries (if present) and then press Fix Checked:
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it7.hpwis.com/
O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe
O4 - Startup: tkwebl.exe
O23 - Service: NetZqm - Unknown owner - \\?\C:\Programmi\Windows NT\com4.exe (file missing)
O23 - Service: SecEti - Unknown owner - \\?\C:\Programmi\Windows NT\lpt8.exe (file missing)
Use Windows Search to find this file, tkwebl.exe, and note down its path (remember to include hidden files and folders!).
Now run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass
A "View/edit script" window opens
Inside the white box, copy and paste the text below:
Quote:
files to delete:
C:\WINDOWS\TEMP\fkcc1.exe
C:\Programmi\Windows NT\com4.exe
C:\Programmi\Windows NT\lpt8.exe
Path of the tkwebl.exe file
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Registry Keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
folders to delete:
C:\WINDOWS\TEMP
Click the Done button
Click the green traffic-light icon
Answer Yes
The PC should reboot on its own; if it doesn't, reboot it manually
Now download GMER from http://www.gmer.net
Run GMER and do two scans (Scan button), one from the rootkit tab and the other from the autostart tab. Copy both by pressing the Copy button in the respective tabs and paste them into a text file, which you then save.
Do a scan with Panda (to be safe)
Then post:
- the Symantec log: the file FixLinkopt.log
- the contents of the file c:/avenger.txt
- a new HijackThis log (again, to be safe)
- the two GMER logs
(I took these steps from another recent post and adapted them to your case.)
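A small triage script, added here as an example and not code from the forum or from any of the tools named above: it applies the three rules used to pick the entries in the post (a Run entry launching from a TEMP directory, a Startup item given as a bare file name, and an Unknown-owner service whose binary is missing) to a constructed excerpt of the posted HijackThis log, and then checks a later log for anything the fix left behind. It assumes Python 3.9 or newer; the log excerpts are constructed from the lines quoted in this thread.

```python
import re
from dataclasses import dataclass

# Basenames that Windows treats as devices: a file named com4.exe or lpt8.exe
# cannot be opened or deleted through an ordinary Win32 path, only through the
# \\?\ prefix that appears in the O23 entries above. That is what makes such
# service binaries awkward to remove with everyday tools.
RESERVED_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

# Shapes of the HijackThis v1.99 entries this thread deals with.
RE_O4_RUN = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RE_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed excerpts of the logs posted in this thread, before and after the fix.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: tkwebl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O23 - Service: NetZqm - Unknown owner - \\?\C:\Programmi\Windows NT\com4.exe (file missing)
O23 - Service: SecEti - Unknown owner - \\?\C:\Programmi\Windows NT\lpt8.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the HijackThis entry, verbatim
    reason: str  # which rule flagged it and why


def _stem(path: str) -> str:
    """Upper-case file name without extension, for the reserved-name check."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].upper()


def triage(log: str) -> list[Finding]:
    """Apply the thread's selection rules to every line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := RE_O4_RUN.match(line):
            # A persistence entry pointing into a TEMP directory is a classic sign.
            if RE_TEMP_DIR.search(m["cmd"]):
                findings.append(Finding(line, "Run entry launches a binary from a TEMP directory"))
        elif m := RE_O4_STARTUP.match(line):
            item = m["item"]
            # A bare executable name carries no location; it has to be found first.
            if "\\" not in item and " = " not in item and not item.lower().endswith(".lnk"):
                findings.append(Finding(line, "Startup item is a bare file name; locate it before removal"))
        elif m := RE_O23.match(line):
            path = m["path"]
            if m["owner"] == "Unknown owner" and path.endswith("(file missing)"):
                reason = "service with unknown owner and missing binary"
                if _stem(path.removesuffix(" (file missing)")) in RESERVED_DEVICE_NAMES:
                    reason += "; binary uses a reserved device name (needs a \\\\?\\ path)"
                findings.append(Finding(line, reason))
    return findings


def still_present(findings: list[Finding], after_log: str) -> list[str]:
    """Flagged entries that survive in a later log, i.e. what the fix did not remove."""
    after = {l.strip() for l in after_log.splitlines()}
    return [f.line for f in findings if f.line in after]


if __name__ == "__main__":
    found = triage(BEFORE_LOG)
    for f in found:
        print(f"[!] {f.reason}\n    {f.line}")
    print("still present after fix:", still_present(found, AFTER_LOG) or "none")
```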
Scotch (Hero)
Registered: 22/09/06 10:51 Posts: 47
Posted: 29 Sep 2006 00:44
First of all, thanks for the reply.
I'll go through the procedure tomorrow morning, since it's late now.
Just one question: can you tell me how to show hidden files and folders? ^^''
Jeppo59 (Mature God)
Registered: 05/03/06 02:26 Posts: 2117
Posted: 29 Sep 2006 02:23
Quote:
- open Windows Explorer
- from the menu select Tools >> Folder Options
- select the View tab
- tick the box Show hidden files and folders
- untick the box Hide system files (recommended) (option further down)
- click Yes, then Apply, then OK.
Scotch (Hero)
Registered: 22/09/06 10:51 Posts: 47
Posted: 29 Sep 2006 11:42
Okay, here step by step is what you suggested.
FixLinkopt log:
Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
Failed to acquire SeDebugPrivilege
service: NetZqm (logon as: .\PTK, passed filters)
service: NetZqm (file path: \\?\C:\Programmi\Windows NT\com4.exe - infected)
file: \\?\C:\Programmi\Windows NT\com4.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetZqm\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetZqm\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetZqm (key deleted)
reg: ...\SpecialAccounts\UserList\PTK (value deleted)
folder: \\?\C:\Documents and Settings\PTK (deleted)
user: PTK (deleted)
service: SecEti (logon as: .\aEORJbK, passed filters)
service: SecEti (file path: \\?\C:\Programmi\Windows NT\lpt8.exe - infected)
file: \\?\C:\Programmi\Windows NT\lpt8.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecEti\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecEti\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecEti (key deleted)
reg: ...\SpecialAccounts\UserList\aEORJbK (value deleted)
folder: \\?\C:\Documents and Settings\aEORJbK (deleted)
user: aEORJbK (deleted)
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\1.tmp: (deleted)
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\2.tmp: (deleted)
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\3.tmp: (deleted)
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\4.tmp: (deleted)
C:\WINDOWS\system32\jkaa.dll: (deleted)
registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run: fkcc1.exe (value deleted)
process: iexplore.exe (terminated)
C:\WINDOWS\Temp\fkcc1.exe: (will be deleted on next reboot)
The Trojan.Linkoptimizer removal was successful.
The system will delete 1 Trojan.Linkoptimizer files from your PC on next reboot.
Here is the report:
1 file(s) could not be deleted.
They will be deleted on next reboot.
The total number of the scanned files: 100086
The number of deleted threat files: 7
The number of directories deleted: 2
The number of threat processes terminated: 1
The number of registry entries fixed: 9
The number of threat services removed: 2
The number of accounts disabled: 2
The tool initiated a system reboot.
Avenger log (here, unless I misread, it seems it didn't find practically any of the files you pointed me to):
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ptukyfek
*******************
Script file located at: \??\C:\kle^mtrf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\TEMP\fkcc1.exe not found!
Deletion of file C:\WINDOWS\TEMP\fkcc1.exe failed!
Could not process line:
C:\WINDOWS\TEMP\fkcc1.exe
Status: 0xc0000034
File C:\Programmi\Windows NT\com4.exe not found!
Deletion of file C:\Programmi\Windows NT\com4.exe failed!
Could not process line:
C:\Programmi\Windows NT\com4.exe
Status: 0xc0000034
File C:\Programmi\Windows NT\lpt8.exe not found!
Deletion of file C:\Programmi\Windows NT\lpt8.exe failed!
Could not process line:
C:\Programmi\Windows NT\lpt8.exe
Status: 0xc0000034
File Percorso del file tkwebl.exe not found!
Deletion of file Percorso del file tkwebl.exe failed!
Could not process line:
Percorso del file tkwebl.exe
Status: 0xc0000034
Folder C:\WINDOWS\TEMP deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
New HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11.31.48, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Documents and Settings\Proprietario\Documenti\Lancio Programmi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{602AAC4C-6568-4BC9-B55C-E36394EFF4B5}: NameServer = 85.37.17.6 85.38.28.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
GMER autostart log:
GMER 1.0.11.11349 - http://www.gmer.net
Autostart 2006-09-29 11:30:16
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SmcService /*Sygate Personal Firewall Pro*/@ = C:\Programmi\Sygate\SPF\smc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\System32\ShellvRTF.dll = C:\WINDOWS\System32\ShellvRTF.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZipitShellExt@{1642EA06-054E-497C-844D-AE817DF804CC} = C:\Programmi\FadeOut Zipit\ZipitExt.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{9394EDE7-C8B5-483E-8773-474BF36AF6E4}C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll = C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll = C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssmypics.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pageabout:blank = about:blank
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
hp center.lnk = hp center.lnk
hp psc 1000 series.lnk = hp psc 1000 series.lnk
hpoddt01.exe.lnk = hpoddt01.exe.lnk
Microsoft Office.lnk = Microsoft Office.lnk
---- EOF - GMER 1.0.11 ----
GMER rootkit log (here though, as usual, at some point the program gives me an error and closes.. So I'm posting what I managed to get):
GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-29 11:29:09
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
---- Devices - GMER 1.0.11 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82ABF508
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8284EFB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A3785A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A3785A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 825F1050
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82587560
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 825F1050
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 8265D008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 8265D008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 825F1050
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 825F1050
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8255DD80
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A3785A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A3785A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82585E18
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CREATE [F8670220] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CLOSE [F8670480] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_DEVICE_CONTROL [F86705A0] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F86705D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A3785A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82585E18
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8272F7B0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8272F0E0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8263E008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8263E008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8284EFB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 8272EC68
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 8272EC68
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 8272EC68
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 8272EC68
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 8272EC68
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8284BA68
---- Modules - GMER 1.0.11 ----
Module _________ F83E2000
---- Files - GMER 1.0.11 ----
ADS ...
The path of the file tkwebl.exe is (or was) C/documents and settings/proprietario/impostazioni locali/temporary internet files
At the moment I'm running a scan with Panda.
At this point, how do I proceed?
Thanks again in advance!
holifay Dio maturo
Registered: 08/03/05 10:48 Posts: 2912 Location: Milano
Posted: 29 Sep 2006 13:00 Subject:
You're proceeding fine.
When it finishes, post the Panda log and then apply the patches to avoid further infections: http://www.symantec.com/security_response/writeup.jsp?docid=2006-082416-2803-99&tabid=2
Scotch Eroe
Registered: 22/09/06 10:51 Posts: 47
Posted: 29 Sep 2006 13:27 Subject:
Damn, I didn't save the Panda log, since it hadn't found any viruses, "only" about ten spyware items..
If it matters I'll redo it and post it, let me know.
Then a couple of fairly stupid questions:
1) first of all.. where do I find which version of IE I'm using? ^^'' The patches send me to different links depending on the version.. (By the way, can you recommend a particular version of IE? Yes, I know most of you don't use it, bear with me.. )
2) the second one says the patches are included in Windows automatic updates. Since I have disabled them, because I don't like random stuff getting into the PC, do you know if there's a way around this problem? I mean finding this single patch.
But I don't understand.. why does the first update tell me that IE 6 must be installed first (so I'd think I have an older version), while the last one has the link for IE 6 and W. XP Service Pack 2 and installs without problems? O_o
Smjert Dio maturo
Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 29 Sep 2006 13:58 Subject:
Scotch wrote:
Il percorso del file tkwebl.exe è (o era) C/documents and settings/proprietario/impostazioni locali/temporary internet files
Didn't you notice that in the Avenger script I had told you to put the file's path.. in fact Avenger answered you:
Quote:
File Percorso del file tkwebl.exe not found!
Deletion of file Percorso del file tkwebl.exe failed!
So go and check whether it's still there; if it is, delete it.
As for enabling the scan in hidden folders, I didn't mean what Jeppo said but (in Windows XP) when you do Search -> All files and folders -> More advanced options there's the box to tick "Search hidden files and folders".
PS: you can see the IE version by opening the browser, then in the menus at the top ? -> About Internet Explorer
Scotch Eroe
Registered: 22/09/06 10:51 Posts: 47
Posted: 29 Sep 2006 14:25 Subject:
Yes, in the end I had noticed that option in Search and had enabled it; thanks anyway for the clarification.
Luckily the file is no longer there anyway; I hope it was deleted.
Checking the IE version, it turns out to be 6.0, so all I have left to figure out is why the first patch from Holifay's link tells me it can't be installed unless I first install IE version 6..
Suggestions?
Smjert Dio maturo
Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 29 Sep 2006 14:33 Subject:
Maybe the patch requires IE 6.0 SP1 and you have plain 6.0 (so you need to download the Service Pack through Windows Update).
Jeppo59 Dio maturo
Registered: 05/03/06 02:26 Posts: 2117
Posted: 29 Sep 2006 23:14 Subject:
Smjert wrote:
Maybe the patch requires IE 6.0 SP1 and you have plain 6.0 (so you need to download the Service Pack through Windows Update).
According to the HijackThis log it seems IE 6 and SP2 are already there
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 21.23.37, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Smjert Dio maturo
Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 29 Sep 2006 23:28 Subject:
Yeah... as usual I'm blind about some things XD anyway, having plain IE 6.0 was covered by the "maybe"
So probably the second patch he downloaded was the right one.
Scotch Eroe
Registered: 22/09/06 10:51 Posts: 47
Posted: 30 Oct 2006 09:15 Subject:
Sorry, I'm bumping this thread because I've caught this damn fkcc1.exe AGAIN
I don't get it: I had followed all the steps recommended on the previous page of this thread, including the patches (apart from one update I couldn't install), so how did I get it again??
I'm posting the HijackThis log here; tell me whether it's enough to repeat the procedure from the previous page or whether I need to change something so I don't catch this damn virus again.. Thanks a lot!
Logfile of HijackThis v1.99.1
Scan saved at 8.13.56, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\TEMP\fkcc1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Proprietario\Documenti\Lancio Programmi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{602AAC4C-6568-4BC9-B55C-E36394EFF4B5}: NameServer = 85.37.17.6 85.38.28.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: WinBnl - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)
Smjert Dio maturo
Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 30 Oct 2006 15:11 Subject:
LinkOptimizer updates itself... it may have got in through another route...
Start HijackThis, press Do a system scan only, tick these entries and then press Fix Checked:
Quote:
O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe
O23 - Service: WinBnl - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)
Download the two tools, Symantec and Prevx, from here http://forum.zeusnews.com/viewtopic.php?t=18285
Run the Prevx tool (at the end it will ask you to reboot).
Go to Start -> Run -> type cmd, press Enter, enter this command and then press Enter: del \\.\C:\Programmi\File comuni\System\lpt4.exe
Reboot into Safe Mode (F8 at boot) and run the Symantec tool.
Go back to Normal Mode.
Download GMER from http://www.gmer.net
Start GMER and run two scans (Scan button), one from the Rootkit tab and the other from the Autostart tab. Copy both by pressing the Copy button in the respective tabs and paste them into a text file that you then save.
Post the contents of that text file.
Post the Prevx tool log (C:\gromozon_removal.log), the Symantec tool log (FixLinkOpt.log) and a new HijackThis log.
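The two entries Smjert singles out in the post above (an autorun launched from C:\WINDOWS\TEMP and a "file missing" service whose binary is named lpt4.exe behind a \\?\ prefix) are the kind of thing that can be checked mechanically rather than by eye. The Python helper below is an added example for this thread, not a tool from HijackThis, GMER, Prevx or Symantec; it assumes only the O4 and O23 line formats visible in the HijackThis log posted above, and the sample lines embedded in it are copied from that log. It flags autoruns that start from a temporary directory, services whose binary is missing or has no vendor recorded, and paths that use a reserved DOS device name such as lpt4, which Explorer and a plain del cannot touch without the \\.\ prefix used in the thread's command.

```python
"""Triage helper for HijackThis-style O4 (autorun) and O23 (service) lines.

Added example for this thread; the line formats are assumed from the log
posted above and the checks are this example's own, not HijackThis's.
"""
import re

# Reserved DOS device names. A file whose stem is one of these (lpt4.exe in
# the thread) is hidden from the ordinary Win32 path parser, so Explorer and
# a plain `del` cannot remove it; the \\.\ or \\?\ prefix bypasses the parser.
RESERVED_DEVICE_NAMES = (
    {"con", "prn", "aux", "nul"}
    | {f"com{i}" for i in range(1, 10)}
    | {f"lpt{i}" for i in range(1, 10)}
)
# Directory fragments (lower-case) under which a legitimate autorun rarely lives.
TEMP_DIR_MARKERS = ("\\temp\\", "\\temporary internet files\\")
# Win32 namespace prefixes that route a path around name normalization.
NAMESPACE_PREFIXES = ("\\\\?\\", "\\\\.\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def executable_of(command):
    """Return the program part of an autorun command (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def strip_namespace_prefix(path):
    r"""Drop a leading \\?\ or \\.\ so the rest of the path can be inspected."""
    for prefix in NAMESPACE_PREFIXES:
        if path.startswith(prefix):
            return path[len(prefix):]
    return path


def uses_reserved_device_name(path):
    """True if the file's stem (text before the first dot) is a reserved device name."""
    base = strip_namespace_prefix(path).rsplit("\\", 1)[-1]
    stem = base.split(".", 1)[0].strip().lower()
    return stem in RESERVED_DEVICE_NAMES


def triage_line(line):
    """Return {"name", "line", "reasons"} when a line deserves a look, else None."""
    reasons, name = [], None
    m = O4_RE.match(line)
    if m:
        name = m.group("name")
        exe = executable_of(m.group("cmd"))
        if any(marker in exe.lower() for marker in TEMP_DIR_MARKERS):
            reasons.append("autorun program lives in a temporary directory")
        if uses_reserved_device_name(exe):
            reasons.append("autorun program is named after a reserved DOS device")
    m = O23_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if m.group("missing"):
            reasons.append("service binary reported as missing")
        if m.group("owner").strip().lower() == "unknown owner":
            reasons.append("no vendor recorded for the service")
        if path.startswith(NAMESPACE_PREFIXES):
            reasons.append("service path uses a Win32 namespace prefix")
        if uses_reserved_device_name(path):
            reasons.append("service binary is named after a reserved DOS device; "
                           "remove it with the \\\\.\\ prefix, as the thread advises")
    return {"name": name, "line": line, "reasons": reasons} if reasons else None


def triage_log(lines):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [hit for hit in (triage_line(l.rstrip()) for l in lines) if hit]


# Sample lines copied from the HijackThis log posted above (benign entries
# included so the helper has something to leave alone).
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [fkcc1.exe] C:\WINDOWS\TEMP\fkcc1.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe",
    r"O23 - Service: WinBnl - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)",
]

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit["line"])
        for reason in hit["reasons"]:
            print("    -", reason)
```

Run it as a script to print the two flagged entries, or call triage_log() on the lines of any HijackThis log. The reserved-name check is also the explanation for the del command in the post above: with the \\.\ prefix the Win32 path parser is bypassed, so lpt4.exe is treated as an ordinary file name rather than as the printer port, and the file can be deleted.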
Scotch Eroe
Registered: 22/09/06 10:51 Posts: 47
Posted: 30 Oct 2006 22:14 Subject:
First of all, thanks a lot for the kind reply.
Now I'm posting what was requested:
The GMER Autostart log:
GMER 1.0.11.11349 - http://www.gmer.net
Autostart 2006-10-30 20:57:08
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SmcService /*Sygate Personal Firewall Pro*/@ = C:\Programmi\Sygate\SPF\smc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\System32\ShellvRTF.dll = C:\WINDOWS\System32\ShellvRTF.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZipitShellExt@{1642EA06-054E-497C-844D-AE817DF804CC} = C:\Programmi\FadeOut Zipit\ZipitExt.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{9394EDE7-C8B5-483E-8773-474BF36AF6E4}C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll = C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll = C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssmypics.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pageabout:blank = about:blank
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
hp center.lnk = hp center.lnk
hp psc 1000 series.lnk = hp psc 1000 series.lnk
hpoddt01.exe.lnk = hpoddt01.exe.lnk
Microsoft Office.lnk = Microsoft Office.lnk
---- EOF - GMER 1.0.11 ----
The GMER rootkit log, which as usual gave me an error and froze at a certain point, so I'm posting what I managed to get:
GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-10-30 20:48:52
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
---- Devices - GMER 1.0.11 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82A94578
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8273D820
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5585A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 826F1C18
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82749E88
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 826CF008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 826CF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 826F1C18
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 826F1C18
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8267E3D0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5585A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8273EAE8
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CREATE [F8700220] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_CLOSE [F8700480] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_DEVICE_CONTROL [F87005A0] wpsdrvnt.sys
Device \Driver\SYMTDI \Device\SymTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F87005D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5585A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8273EAE8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 827B2E88
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 827B53C0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 826ABF00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 826ABF00
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8273D820
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 8282B0E0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 8282B0E0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 8282B0E0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 8282B0E0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 8282B0E0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82723710
---- Modules - GMER 1.0.11 ----
Module _________ F83E2000
---- Files - GMER 1.0.11 ----
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS ...
Gromozon tool log:
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\temp\fkcc1.exe
Removed!
Trojan.Gromozon Removed!
fixlinkopt tool log:
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
C:\Avenger\prn.exe: (deleted)
C:\Documents and Settings\Proprietario\.$$$: (deleted)
Trojan.Linkoptimizer has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 102349
The number of deleted threat files: 2
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 0
The tool initiated a system reboot.
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
And finally the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21.12.05, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Proprietario\Documenti\Lancio Programmi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{602AAC4C-6568-4BC9-B55C-E36394EFF4B5}: NameServer = 85.37.17.6 85.38.28.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
Just one note: when I tried to do what you said with Start, Run, cmd, etc., at the end it tells me something like "the system cannot find the path specified".
I await clarification, especially on whether that damn Optimizer has been removed.
Smjert Dio maturo
Joined: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 30 Oct 2006 22:36 Subject:
Scotch wrote: | Just one note: when I tried to do what you said with Start, Run, cmd, etc., at the end it tells me something like "the system cannot find the path specified" |
It doesn't matter, evidently the file had already been deleted.
As a last thing, start HijackThis, click Open the Misc Tools section, Open ADS Spy, untick "Quick Scan" and then click Scan (the one at the top).
It should find this file 2A81F9CE for you; select it, tick it and click Remove selected.
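The ADS Spy step in the reply above is a scan for NTFS alternate data streams: a stream such as 2A81F9CE attached to an existing file or folder does not show up in Explorer, in the file's size, or in a plain dir listing, which is why malware of that era used it as a hiding place. The PowerShell below is an added example, not part of the original thread or of HijackThis; it does the same check with built-in cmdlets (Get-Item -Stream, Remove-Item -Stream, PowerShell 3.0 or later on Windows). The demo file name and the stream name "hidden" are constructed for the example; to reproduce the reply's scan, point Get-SuspiciousAds at C:\WINDOWS instead of $env:TEMP and look for the stream name in the Stream column.

```powershell
# Added example: find and remove NTFS alternate data streams (ADS) with
# PowerShell. Not from the original thread; file and stream names below are
# constructed for the demonstration.

# 1. Build a throwaway file carrying a hidden stream so the scan has a hit.
$demo = Join-Path $env:TEMP 'ads-demo.txt'
Set-Content -Path $demo -Value 'visible content'
Set-Content -Path $demo -Stream 'hidden' -Value 'content that does not show in the file size'

# 2. Walk a directory tree (files and folders, hidden ones included) and report
#    every stream other than the default unnamed ::$DATA stream. Errors from
#    access-denied or locked system files are skipped so the scan completes.
function Get-SuspiciousAds {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

$hits = Get-SuspiciousAds -Root $env:TEMP
$hits | Format-Table -AutoSize

# 3. Delete only the stream, leaving the host file itself untouched. This is
#    what "Remove selected" in ADS Spy does for the ticked entry.
foreach ($h in $hits) {
    if ($h.FileName -eq $demo -and $h.Stream -eq 'hidden') {
        Remove-Item -LiteralPath $h.FileName -Stream $h.Stream
    }
}

# 4. Verify: the demo file now carries only its default stream.
Get-Item -LiteralPath $demo -Stream * | Select-Object Stream

Remove-Item -LiteralPath $demo
```

Scanning all of C:\WINDOWS this way takes a while, so the -ErrorAction handling matters: a single protected file must not abort the walk. Note that some legitimate software writes ADS too (Zone.Identifier on downloaded files is the common one), so a hit is a lead to inspect, not proof of infection by itself.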