Problemi con la Guida in linea e varie

[THECAPITAN]

Ciao! Ho una serie di problemi con il pc.
1)Non riesco più a visualizzare la guida in linea. Se da Start scelgo la voce relativa, il pc non apre nessuna finestra.
2) funzione Cerca. Anche in questo caso, se da Start scelgo la voce Cerca-->File o cartelle, si apre la finestra ma la colonna a sinistra per inserire ad esempio un file da ricercare sul pc, il tipo ed altro ancora, è vuota. Cosa è successo?

Su consiglio di Alexsandra ho provato il tool di rimozione, disponibile al seguente indirizzo:http://www.prevx.com/gromozon.asp,

Il risultato ottenuto è il seguente:

File name: C:\Programmi\File comuni\System\WNiBUd.exe
Encrypted file and hidden user folder detected!
User folder: C:\Documents and Settings\\VEE
File name: C:\Programmi\File comuni\System\xBs.exe
Trojan.Gromozon Removed!

Scan finished normally
For a detailed log, please refer to

\gromozon_removal.log

Forse il tool ha rimosso qualche virus, ma i problemi ci sono ancora. Come posso risolverli e ripristinare le impostazioni predefinite?

[Alexsandra]

Per vedere meglio se il tools è efficace dovresti postarci il log di Hijacthis prima e dopo l'esecuzione del tools.

[THECAPITAN]

Il log di Hijackthis è invariato. SIa prima che dopo la scansione con il tool, le voci sono le stesse.

[THECAPITAN]

Dimenticavo, ecco il log di hijackthis

Voci strane: UnSpypc e la voce Outpost che ricompare nel log, sebbene il prg sia stato disinstallato.

Logfile of HijackThis v1.99.1
Scan saved at 17.42.33, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\PROGRAMMI\WINRAR\WINRAR.EXE
C:\DOCUME~1\Manuel\IMPOST~1\Temp\Rar$EX00.483\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F4F4D7F4-6237-DF53-2AEC-C30930D7744E} - (no file)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [kav] "D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "D:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UnSpyPC] "C:\Programmi\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [ccleaner] "D:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8751C-C31F-453F-ABE5-6101B1490C35}: NameServer = 85.255.113.117,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{968FDFA8-C2AA-44C8-A748-CFA7DE24FD5C}: NameServer = 85.255.113.117 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{86E8751C-C31F-453F-ABE5-6101B1490C35}: NameServer = 85.255.113.117,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com8.usa
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: SASWinLogon - D:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

[Alexsandra]

Fai questo controllo :
Start > Pannello di controllo > Installazione Applicazioni, doppio clik sopra all'icona e vedi se nell'elenco trovi voce LinkOptimizer.

PS. Non toglerla ssolutamente

Inoltre controlla nei servizi

Start > Esegui e digita services.msc
Scorri la lista e vedi se hai un servizio "strano" lo puoi riconoscere perchè riporta la descrizione di un altro servizio ma cambia il nome così

vedi che la descrizione è uguale, ma cambia il nome dei due servizi.

[andorra24]

1)Scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programma potrai disistallare LinkOptimizer e Connection Services (qualora fossero presenti nel tuo computer). Non farlo da pannello di controllo, installazioni/applicazioni.

Apri il programmino, click su myuninst.exe, attendi che vengono elencate le applicazioni presenti, evidenzi Linkoptimizer, click con il dx e scegli Delected;

2) Start>esegui>control userpasswords2>OK

Nella finestra Account utente, dovresti avere un'utenza sospetta con nome casuale (oltre le solite Administrators e Utente, Aspnet), tipo XYZFG. Segnati il nome dell'utenza ed eliminala (click con il destro e scegli elimina);

3) Rendi visibili file e cartelle nascosti:

da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK
Vai in C:\Documents and Settings, controlla se c'e' una cartella con lo stesso nome dell'utenza, elimina anch'essa.

[THECAPITAN]

Ciao! La voce LinkOptimizer non è presente nella finestra Installazione Applicazioni.
Digitando services.msc, compare una lista che comprende, tra le tante voci elencate, soltanto quella relativa a WebClient.

Oggi ho verificato l'esistenza di un nuovo problema: cliccando su un file audio da ascoltare mi compare il messaggio "errore interno dell'applicazione". Ci risiamo?

[Luke57]

Ciao, il tool ha eliminato:
l'eseguibile del servizio malefico e l'altro file .exe che il malware si tiene di riserva.
Con hijackthis, premi "open the misc tools section", "open unistall manager", cerchi ed evidenzi, se ci sono, link optimizer e Connection Services, premi Delete this entry.

Chiudi e riapri il programma, premi "do a system scan only", cerchi e spunti:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F4F4D7F4-6237-DF53-2AEC-C30930D7744E} - (no file)
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com8.usa
premi fix checked

Da:
start>esegui>control userpasswords2>OK
verifica nella finestra Account che non vi sia, accanto alle utenze solite (Administrators, Utente, Aspnet), una con nome casuale (dovrebbe essere, nel tuo caso, VEE). Se sì, evidenziala e rimuovila

Verifica in C:\documents and settings se è presente una cartella con lo stesso nome dell'utenza, elimina anch'essa (dovrebbe essere stata eliminata dal tool, comunque)

Dopo aver reso visibili file e cartelle di sistema, verifica se in C:\Programmi\File comuni\System, ci sono altri files colorati di verde.

[THECAPITAN]

Ho eliminato le voci da te elencate.
Poi ho rimosso l'utente VEE da Esegui. Ho verificato la sua esistenza nella cartella C:\documents and settings , ma credo sia stata rimossa dal tool

Nella cartella C:\Programmi\File comuni\System nn è presente nessun file di colore verde.

Non so se può essere d'aiuto, ma posto x sicurezza il log di gromozon:
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\aqa.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\aZNw.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\BEc.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\bNm.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\cDK.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\EKCl.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\iNK.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\lCOZeb.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\Mbg.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\Orh.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\PkQ.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\RbI.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\ssJ.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\sVQ.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\uyb.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\WNiBUd.exe
Removing directory: C:\Documents and Settings\\VEE
Removing protected file: C:\Programmi\File comuni\System\xBs.exe
Removing directory: C:\Documents and Settings\\VEE


Trojan.Gromozon Removed!

[Luke57]

Ciao, i files verdi sono stati fatti fuori dal tool.
Se vuoi fare ulteriore verifica scarica GMer da qui:
http://www.suspectfile.com/upload/files/tools/gmer.zip
lo avvii, ti posizioni su Roottkit e premi scan (non spuntare la casella show all altrimenti viene fuori un log chilometrico)
Al termine clicca su Copy e salva il log in un file di testo.
Fai uno scan anche dalla posizione , incollando il log nel medesimo file di testo e poi incollando i due log in un post.

[THECAPITAN]

Dopo aver elimanto 'utente VEE, ho aperto la finestra Account utente da Pannello di controllo, è nn mi compare nulla. Non vorrei che riavviando il pc, mi compaia qualche schermata con relativa password causandomi il non recupero dei file presenti sul pc.

Ieri ho descritto altri problemi, oggi l'ultimo con media player "errore interno dell'applicazione" Ogni giorno un problema diverso!
Cosa succede? Possibile che ttt questo casino sia riconducibile a Linkoptimizer? Help.

Cmq ti posto il log di gmer:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-06 12:25:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\D:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\D:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8249AF00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8249AF00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 8249AF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSEIRP_MJ_READ 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 823E3298
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 823E3298
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSEIRP_MJ_READ 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 823E3298
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP_POWER 823E3298
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8249AF00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 8249AF00
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSEIRP_MJ_READ 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 82436E58
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP_POWER 82436E58
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F2C6EC8A

---- Modules - GMER 1.0.10 ----

Module _________ F99ED000

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{5BA53F17-BC32-4FA0-9464-385BC9F3B987}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{5BA53F17-BC32-4FA0-9464-385BC9F3B987}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

[Luke57]

Ciao, scusami, il precedente post l'avevo scritto a metà. Mi occorre anche il log di GMer dalla posizione Autostart (quello è velocissimo).

[THECAPITAN]

Ok! Eccolo:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-06 12:37:22
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemcsjnz.exe = csjnz.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
SASWinLogon@DLLName = D:\Programmi\SUPERAntiSpyware\SASWINLO.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Anti-Virus 6.0*/@ = "D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r
ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe" /*file not found*/
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = D:\Programmi\ewido anti-spyware 4.0\guard.exe
NetSrn /*NetSrn*/@ = "C:\Programmi\File comuni\System\lCOZeb.exe" /*file not found*/
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Share-to-Web Namespace DaemonD:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe = D:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@ /*file not found*/ = /*file not found*/
@Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /*file not found*/ = C:\PROGRA~1\SYMNET~1\SNDMon.exe /*file not found*/
@kav"D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = "D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@NBJ"D:\Programmi\Ahead\Nero BackItUp\NBJ.exe" = "D:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/ = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/
@UnSpyPC"C:\Programmi\UnSpyPC\UnSpyPC.exe" /*file not found*/ = "C:\Programmi\UnSpyPC\UnSpyPC.exe" /*file not found*/
@ccleaner"D:\Programmi\CCleaner\ccleaner.exe" /AUTO = "D:\Programmi\CCleaner\ccleaner.exe" /AUTO

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}D:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll = D:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}D:\Programmi\SUPERAntiSpyware\SASSEH.DLL = D:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) =
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\PROGRAMMI\WINRAR\RAREXT.DLL = D:\PROGRAMMI\WINRAR\RAREXT.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Cartella di caricamento Share-to-Web*/D:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = D:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/D:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = D:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/(null) =
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a² Context Menu Shell Extension*/(null) =
@{59F96530-871E-11D3-BD55-00A0C9A341EC} /*Registry*/C:\WINDOWS\system32\regxplor.dll = C:\WINDOWS\system32\regxplor.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll = D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} =
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Programmi\ewido anti-spyware 4.0\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\PROGRAMMI\WINRAR\RAREXT.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} =
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\PROGRAMMI\WINRAR\RAREXT.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
ASW@{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} =
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\PROGRAMMI\WINRAR\RAREXT.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll" /*file not found*/
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----

[THECAPITAN]

Come Antivirus sto provando Kaspersky. Di conseguenza posso eliminare tutte le voci Symantec di Norton?
Come Firewall uso quello di winxp. E' sufficiente? 2 firewall vanno in conflitto? Posso eliminare in tal caso la voce Outpost con hijackthis?

[Luke57]

Ciao, l'unico riferimento alla presenza di linkoptimizer è il servizio ormai disabilitato e senza eseguibile, questo:
NetSrn
Prova questo comando:
start>esegui>sc delete NetSrn>OK
Per una disistallazione completa del Norton, se hai la versione 2005, vai qui:
http://www.pc-facile.com/forum/viewtopic.php?t=49941
l'ho appena descritta a un utente.
Penso che sia meglio avere un solo firewall.

[THECAPITAN]

Ti ringrazio mlt, ma l'ultima parte della procedura quella riguardante per gli ultimi residui nn posso eseguirla poichè la funzione Cerca nn è più attiva. Infatti, se da Start, scelgo la voce File o cartelle, si apre la finestra ma nn compare nessun spazio per inserire i file da ricercare. Come posso ripristinarla?
Per risolvere poi quel problema con media player "errore interno dell'applicazione" relativo all'ascolto di file audio? Come faccio? Posso risolvere tutti i problemi sopradescritti con un semplice aggiornamento automatico di windows? Fammi sapere

[Alexsandra]

per sistemare il cerca prova così

Metti il CD di Windows nel lettore e se parte l'installazione fermala. poi

Start -> Esegui e digita SFC /SCANNOW

Lascialo lavorare, poi esegui anche questi comandi

Start -> Esegui -> e digita C:\windows\inf

Cerca il file srchasst.inf, cliccaci sopra con il Dx e scegli installa e riavvia il sistema.

@Andorra e @ Luke

Che ne pensate del tools di Prevx?

Io non sono molto entusiasta

[andorra24]

@Andorra e @ Luke

Che ne pensate del tools di Prevx?

Io non sono molto entusiasta

Il tool purtroppo non riesce ad eliminare il malware al 100% (dovuto anche al fatto che ci sono molte varianti purtroppo) e ha sicuramente bisogno di essere rivisto e migliorato. Uno dei suoi sviluppatori ha detto che a breve uscira' una nuova versione del fix con dei ritocchi. Non so se un unico fix potra' debellare questo fastidiosissimo ed elaborato malware.

[Alexsandra]

E' già uscito, se vai nel sito in firma lo trovi.

Anch'io non sono molto entusiasta del tools, ma secondo mè ha ragione Luke

[andorra24]

ma secondo mè ha ragione Luke

Riguardo a cosa?