AIUTO per TROJAN HORSE!

[jillie]

Ciao a tutti,
ieri, il mio antivirus (avg) ha trovato in C->programmi->file comuni->systemun file infettato da un virus, il file è chiamato iWHU e l'antivirus dice che si tratta di un trojan. Ho provato a cancellarlo, ma non me lo fa cancellare ( mi dice impossibile cancellarle file protetto da scrittura etc...) e ho notato che quando apro task manager, mentre prima potevo tranquillamente chiudere qualche programma o processo che non stavo usando (vedi msnmessenger) adesso tutti o quasi i processi di taskmanager me li blocca dicendo sempre (file protetto da scrittura impossibile cancellare).
Stamattina ho rifatto la scansione con Avg, ma non mi considera più quel file come virus!

Intanto però non me lo fa cancellare e vedendo sulle proprietà mi dice che è un file di sola lettura, crittografato...
Che posso fare? Come cancellarlo?

Grazie a tutti
Giuliana

[Luke57]

Ciao, scarica questo tool della symantec da qui ed eseguilo:
http://smallbiz.symantec.com/security_r ... 16-4153-99

L´esito viene salvato nel file FixLinkopt.log

Incolla il report in un post.

Scarica anche questo tool:
http://www.prevx.com/gromozon.asp

ed eseguilo. Al riavvio, il programma terminerà la sua scansione. Puoi dire di no alla proposta di installare un elemento della prevx.
Il report della scansione lo trovi in C:\Gromozon_Removal.log.

Posta anch’esso.

Avvisa in caso di problemi.

[jillie]

Ciao, grazie per l'aiuto, ma ho potuto scaricare il tutto solo ora.
Allora ho fatto come dicevi e mi ha dato così:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
Failed to acquire SeDebugPrivilege
service: SecAth (logon as: .\qvJuFToD, passed filters)
service: SecAth (file path: C:\Programmi\File comuni\System\dKrpu.exe - infected)
file: C:\Programmi\File comuni\System\dKrpu.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAth\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAth\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAth (key deleted)
reg: ...\SpecialAccounts\UserList\qvJuFToD (value deleted)
folder: \\?\C:\Documents and Settings\qvJuFToD (deleted)
user: qvJuFToD (deleted)


Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 117258
The number of deleted threat files: 1
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.



L'altro link che mi hai dato invece non funziona.
Poi però ho visto che si creano tanti altri piccoli file nella cartella dove c'è questo file coi nmi più assurdi tipo: xcsfeh cose così tutti si possono cancellare tranne questo file che mi da sempre impossibile cancellare.

Sto diventando pazza!!

[Luke57]

Ciao, prelevalo da qui:
http://www.mytempdir.com/988986
disattiva l'antivirus durante il download e la scansione. Al riavvio del computer, il programma terminerà la scansione nelle restanti cartelle di windows.
Sarà rilasciato un report in C:\Gromozon_Removal.log.

Incollalo in un post.

Poi scarica Gmer :
http://www.gmer.net/gmer111.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione ''Autostart'', con le stesse procedure del precedente. Incolla il log generato nel suddetto block notes e poi incolla i due log in un post nel forum.

In caso di problemi o di intoppi nell'esecuzione delle procedure, avvisaci.

[jillie]

Ciao, grazie dell'aiuto. Allora, posto i due risultati:


GROMOZON:


Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\system32\aux.ocd
\\?\C:\WINDOWS\system32\aux.ocd
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\iWHU.exe
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\axtmy1.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\system32\ThriXXX000089SOUNDDX3.dll
Removed!


Trojan.Gromozon Removed!

[jillie]

E questo è GMER:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-19 23:19:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86F12FB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85B9F638
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B9D85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B9D85A] avgtdi.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1BDF4C0
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1BDF4C0
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1BDF4C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 85B78E00
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 859BDD10
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 85B78E00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLOSE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_READ 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_WRITE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_EA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FLUSH_BUFFERS 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DIRECTORY_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SHUTDOWN 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_LOCK_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLEANUP 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_MAILSLOT 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_SECURITY 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_POWER 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SYSTEM_CONTROL 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CHANGE 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_QUOTA 85D58910
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_PNP 85D58910
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 85B78E00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 85B78E00
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E16B78D8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E16B78D8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E16B78D8
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8593F338
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B9D85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B9D85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85A80D08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B9D85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85A80D08
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 85988EA0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 859CEEA8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_CREATE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_CLOSE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_READ 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_WRITE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SET_EA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SHUTDOWN 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_CLEANUP 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SET_SECURITY 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_POWER 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_SET_QUOTA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 IRP_MJ_PNP 85A49538
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B79661] prosync1.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 85A49538
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 85A49538
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port4Path0Target4Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B79661] prosync1.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85B9F638
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 85ADDEB8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 85ADDEB8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 85ADDEB8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 85ADDEB8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 85ADDEB8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85D5D258

---- Modules - GMER 1.0.11 ----

Module _________ F758A000

---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CB0AACC9
ADS ...

---- EOF - GMER 1.0.11 ----





QUESTO E' GMER DALL'AUTOSTART:




AUTOSTART:


GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-19 23:20:20
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@SystemC:\WINDOWS\system32\winlog.com = C:\WINDOWS\system32\winlog.com

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
LVPrcSrv /*Logitech Process Monitor*/@ = c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@AVG7_EMCC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{1E2CDF40-419B-11D2-A5A1-002018648BA7} /*AVG Shell Extension*/(null) =
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{6EE51AA0-77A0-11D7-B4E1-000347126E46} /*Window Washer Shredding Utility*/(null) =
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
moveonboot_delete@{12B23346-6BD8-4812-BF8C-75E7C386ACB8} = C:\Programmi\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zipn.dll
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
FineReader@{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = C:\Programmi\ABBYY\FineReader 6.0\FECMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
bw+0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw+0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw-0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw-0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw00@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw00s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw10@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw10s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw20@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw20s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw30@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw30s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw40@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw40s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw50@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw50s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw60@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw60s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw70@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw70s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw80@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw80s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw90@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bw90s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwa0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwa0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwb0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwb0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwc0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwc0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwd0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwd0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwe0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwe0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwf0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwf0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwfile-8876480@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
bwg0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwg0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwh0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwh0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwi0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwi0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwj0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwj0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwk0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwk0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwl0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwl0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwm0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwm0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwn0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwn0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwo0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwo0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwp0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwp0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwq0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwq0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwr0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwr0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bws0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bws0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwt0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwt0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwu0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwu0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwv0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwv0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bww0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bww0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwx0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwx0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwy0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwy0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwz0@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
bwz0s@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
offline-8876480@CLSID = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.11 ----

[jillie]

Ho appena controllato e il file è stato cancellato!!! GRAZIEEE SEI UN MITO!!!
Stavo diventando pazza, mi riempiva la casella di programmini dai nomi strani
e oltretutto da due giorni l'antivirus mi avvisava che mi stavo connettendo
a un indirizzo ip (che mettendolo in internet dava come di un provider francese!)
Ogni volta che vedevo connecting to...mi toglievo da internet, ma non so se facessi molto con
questa tecnica. Mmmm pensi che qualcuno sia entrato nel mio pc:/?? Corro ancora qualche rischio?
Ciao Giuliana.

[vashzz]

penso di avere un problema simile.

mi hanno addirittura rimosso hijackthis dal computer infetto.

potete dare un'occhiata? grazie in anticipo

Logfile of HijackThis v1.99.1
Scan saved at 16.26.21, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Mozilla Firefox\in.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\File comuni\{507D006F-0576-1040-1029-030211070027}\Update.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\DOCUME~1\Luigi\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{307D006F-0576-1040-1029-030211070027}\MyToolBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] C:\Programmi\Mozilla Firefox\in.exe
O4 - HKLM\..\Run: [fnp01f85] RUNDLL32.EXE w0340eef.dll,n 00601f7f0000000a0340eef
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dqband.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

[vashzz]

ops

scusatemi rileggendo il thread direi che non ho lo stesso problema.

però l'antivirus mi rileva qualcosa come 8 trojan. ho provato a disinstallare qualche programma infetto (deskbar, command etc) ma ogni volta che mi connetto oltre al consueto spyware mi appaiono delle finestre nominate "project1" e sono costretto a disconnettermi. vi prego di aiutarmi

[andorra24]

@vashzz

Lancia questo tool di rimozione dell'adware look2me perche' ne sei affetto: http://www.atribune.org/content/view/28/

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\Programmi\File comuni\{507D006F-0576-1040-1029-030211070027}\Update.exe
C:\WINDOWS\system32\crunner\cproc.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'':

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{307D006F-0576-1040-1029-030211070027}\MyToolBar.dll
O4 - HKLM\..\Run: [fnp01f85] RUNDLL32.EXE w0340eef.dll,n 00601f7f0000000a0340eef
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e33.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dqband.dll

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui: http://www.killbox.net/downloads/KillBox.exe
Elimina i seguenti files:
C:\Programmi\File comuni\{507D006F-0576-1040-1029-030211070027}\Update.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Programmi\Deskbar\deskbar.dll
C:\Programmi\File comuni\{307D006F-0576-1040-1029-030211070027}\MyToolBar.dll
c:\\dfndrff_e33.exe
C:\WINDOWS\system32\dqband.dll

Devi fare un controllo su un file molto sospetto:
C:\Programmi\Mozilla Firefox\in.exe
scansiona il file in.exe su http://www.virustotal.com/ e se risulta infetto eliminalo.

Fai una scansione con superantispyware:
http://www.superantispyware.com/downloa ... PYWAREFREE

[vashzz]

innanzitutto ti ringrazio per la disponibilità.

ecco cos'ho fatto (non mi uccidere, ti prego)


lanciato il tool

killato i processi

fixato gli elementi

e fin qui tutto ok

poi mi sono connesso a internet per scaricare l'antispyware ma i virus c'erano ancora.

mi sono disconnesso e ho fatto partire la scansione.

risultato: 288 virus (può essere un record?)

dopo averli eliminati per sicurezza ho fatto un'altra scansione (16 virus), ma nel mentre ho eliminato alcuni file che non dovevano essere eliminati.

quindi ora non mi si avvia più il computer (mi dice che ovviamente manca un file).

se hai abbastanza pazienza/clemenza puoi consigliarmi un modo per farlo ripartire, magari un disco di avvio?

(considerato che non ha il lettore floppy)

[vashzz]

aggiungo anche che se premo f8 non succede nulla. devo formattare?

[Luke57]

Ciao, quale file manca?

[andorra24]

Dovevi eliminare solo le infezioni, non i files di sistema!
Premi continuamente F8 in fase di avvio e quando ti compare il menù di scelta seleziona la voce "ripristino ultima configurazione sicuramente funzionante". Oppure scegli la voce "modalità provvisoria" e segui le indicazioni di questo link: http://www.pcopen.it/01NET/HP/0,1254,4_ ... 50,00.html
Oppure, se hai il cd di XP, prova un'installazione di ripristino.
Di piu' non posso fare.

[vashzz]

ti ringrazio.

vedrò cosa posso fare.

con f8 ho provato ma invano, vedrò col dico cosa succede.

[vashzz]

ti ringrazio!

sono riuscito a risolvere tutto grazie al disco di ripristino, e anche con i virus tutto sistemato. grazie ancora