Thread: trojan.agent.wf

  1. #1

    trojan.agent.wf

    I caught this trojan; ewido finds it and removes it, but every time it shows me the infection message again. Perhaps the problem is that it cannot delete the trojan because the executable kslr1.exe is among the applications and I cannot terminate it from Task Manager.
    I also tried disabling System Restore and running a full scan with both Norton and Ewido, but the following trojan is still found: trojan.agent.wf, linked to the executable kslr1.exe, which recreates itself in c:\windows\temp at every reboot...
    What else should I do?
    Regards

  2. #2
    holifay (HTML.it user)
    It's an invasion... read the second part of this guide and post the requested logs.
    http://forum.zeusnews.com/viewtopic.php?t=16712

    Do not reboot until we have prepared the fix for your PC.

    Bye
    Think you have an infected file? Send it to SuspectFile

  3. #3
    Here is the HijackThis log, taken in safe mode.
    Thanks
    Logfile of HijackThis v1.99.1
    Scan saved at 14.04.05, on 11/07/06
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HIJack\HijackThis.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\mmc.exe

    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
    O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Programmi\Visual IP Trace\VisualIPTraceIE.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134401555109
    O16 - DPF: {71BC2ED7-60F8-40C7-816C-3BF05DB994A3} (ObjectX Pro Control Container Browser Persistence Control) - http://webibmext.np.ge.com/W2H/5,2,0...ocontainer.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://labview.ni.demoservers.com/proxy/srdp.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Data Historian (DataHistorian) - GE Industrial Systems - C:\PROGRA~1\GECONT~1\DATAHI~1\DataHistorian.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveDataServer - GE Drive Systems - C:\PROGRA~1\GECONT~1\DATAHI~1\LiveDataServer.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SysEit - Unknown owner - C:\:ssv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  4. #4
    holifay (HTML.it user)
    If it is what I think, the HijackThis log alone is not enough to solve the problem: all the logs from the link I gave you are needed.

    In any case, the log must NOT be taken from safe mode. Read here on how to use it:
    http://forum.html.it/forum/showthrea...hreadid=811189

  5. #5
    Bear with me, holifay, I'm the hasty type; anyway, thank you for what you have done so far. Three things remain:
    1) I'm putting all the logs below
    2) Why can't I uninstall or even find that damned Linkoptimizer?
    3) If I restore an older image with Drive Image, does the registry get cleaned?

    Regards

    Logfile of HijackThis v1.99.1
    Scan saved at 15.28.56, on 11/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Ahead\InCD\InCDsrv.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\PROGRA~1\GECONT~1\DATAHI~1\DataHistorian.exe
    C:\Programmi\ewido anti-spyware 4.0\guard.exe
    C:\Programmi\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
    C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programmi\CheckPoint\SecuRemote\bin\SR_GUI.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programmi\Unlocker\UnlockerAssistant.exe
    C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Programmi\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Everyday Auto Backup\AutoBackup.exe
    C:\Programmi\BySoft FreeRAM\FreeRAM.exe
    C:\Programmi\Rainlendar\Rainlendar.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HIJack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/mirkolibraschiineinstein/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.np.ge.com:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {694EA6CD-2462-8B8D-8291-F52E6F8E1381} - C:\WINDOWS\khrvd1.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
    O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Programmi\Visual IP Trace\VisualIPTraceIE.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Everyday Auto Backup] C:\Programmi\Everyday Auto Backup\AutoBackup.exe /1
    O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\BySoft FreeRAM\FreeRAM.exe
    O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134401555109
    O16 - DPF: {71BC2ED7-60F8-40C7-816C-3BF05DB994A3} (ObjectX Pro Control Container Browser Persistence Control) - http://webibmext.np.ge.com/W2H/5,2,0...ocontainer.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://labview.ni.demoservers.com/proxy/srdp.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: Data Historian (DataHistorian) - GE Industrial Systems - C:\PROGRA~1\GECONT~1\DATAHI~1\DataHistorian.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveDataServer - GE Drive Systems - C:\PROGRA~1\GECONT~1\DATAHI~1\LiveDataServer.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SysEit - Unknown owner - C:\:ssv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    ADS Misctools

    C:\WINDOWS\system32 : emaa.dll (9728 bytes)
    C:\WINDOWS\system32 : emaa.dll (9728 bytes)
    Should I delete them?
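
A triage pass over HijackThis-format lines like the ones posted above, as an added example that is not part of the original thread: it flags entries whose target file is missing, services with an unknown owner, and paths that use alternate-data-stream syntax (a colon after the drive prefix, as in the SysEit service path). The function names and the three heuristics are assumptions chosen for illustration; a flag is a lead to verify, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample input: five lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Class - {694EA6CD-2462-8B8D-8291-F52E6F8E1381} - C:\WINDOWS\khrvd1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O23 - Service: SysEit - Unknown owner - C:\:ssv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A drive prefix such as C:\ that is not the tail of a longer word.
DRIVE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z]:\\")
# URL schemes (http://, res://) whose colon must not count as a stream separator.
URL_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O23"
    entry: str                     # entry text after the code
    reasons: list = field(default_factory=list)


def extract_path(body):
    """Return the text from the first drive prefix to the end of the entry, or None."""
    m = DRIVE.search(body)
    if m is None:
        return None
    path = body[m.start():].replace("(file missing)", "")
    return path.strip().strip('"')


def has_stream_syntax(path):
    """True if a colon remains once drive prefixes and URL schemes are removed.

    On NTFS, "file:stream" names an alternate data stream, so C:\\:ssv.exe
    refers to a stream attached to the root directory rather than a normal file.
    """
    rest = URL_SCHEME.sub("", DRIVE.sub("", path))
    return ":" in rest


def triage(log_text):
    """Return a Finding for every log entry that matches at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m is None:
            continue               # header, running-process line or blank line
        code, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown owner")
        path = extract_path(body)
        if path is not None and has_stream_syntax(path):
            reasons.append("alternate-data-stream path syntax")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {', '.join(f.reasons):50} {f.entry}")
```

An unknown owner alone also matches the Dell wireless tray service in this log, which is why each flag lists its reasons instead of a single score.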

  6. #6
    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    "WinUpdate.exe" = "C:\Programmi\Windows\WinUpdate.exe" [file not found]

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "msnmsgr" = ""C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [MS]
    "Everyday Auto Backup" = "C:\Programmi\Everyday Auto Backup\AutoBackup.exe /1" [null data]
    "BySoft FreeRAM" = "C:\Programmi\BySoft FreeRAM\FreeRAM.exe" ["BySoft"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ATIPTA" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "IntelZeroConfig" = "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" ["Intel Corporation"]
    "IntelWireless" = "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
    "UnlockerAssistant" = ""C:\Programmi\Unlocker\UnlockerAssistant.exe" " [null data]
    "!ewido" = ""C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
    "DLBTCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {694EA6CD-2462-8B8D-8291-F52E6F8E1381}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Class"
    \InProcServer32\(Default) = "C:\WINDOWS\khrvd1.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
    -> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\Office\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
    \InProcServer32\(Default) = "C:\Office\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Office\OFFICE11\msohev.dll" [MS]
    "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
    -> {HKLM...CLSID} = "AcSignIcon"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
    "{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
    -> {HKLM...CLSID} = "ACTHUMBNAIL"
    \InProcServer32\(Default) = "C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
    "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
    -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
    \InProcServer32\(Default) = "C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "C:\Programmi\Ahead\InCD\incdshx.dll" ["Nero AG"]
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
    -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
    \InProcServer32\(Default) = "C:\Office\Visio11\VISSHE.DLL" [null data]
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
    -> {HKLM...CLSID} = "CInfoTipShellExt Class"
    \InProcServer32\(Default) = "C:\Office\Visio11\VISSHE.DLL" [null data]
    "{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
    -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

    ---- Modules - GMER 1.0.10 ----

    Module _________ F73A0000

  7. #7
    ---- Modules - GMER 1.0.10 ----

    Module _________ F73A0000

    ---- Files - GMER 1.0.10 ----

    File C:\System Volume Information\MountPointManagerRemoteDatabase
    File C:\System Volume Information\tracking.log
    File C:\WINDOWS\khrvd1.dll
    File C:\WINDOWS\system32\lpt7.wfv

    ---- EOF - GMER 1.0.10 ----



    GMER 1.0.10.10122 - http://www.gmer.net
    Autostart 2006-07-11 15:39:05
    Windows 5.1.2600 Service Pack 2


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
    AtiExtEvent@DLLName = Ati2evxx.dll
    ckpNotify@DLLName = ckpNotify.dll
    IntelWireless@DLLName = C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt7.wfv

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    ANSYS FLEXlm license manager /*ANSYS FLEXlm license manager*/@ = C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
    Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
    ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe"
    ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    DataHistorian /*Data Historian*/@ = C:\PROGRA~1\GECONT~1\DATAHI~1\DataHistorian.exe
    EvtEng /*EvtEng*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
    InCDsrv /*InCD Helper*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe
    InCDsrvR /*InCD Helper (read only)*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe -r
    ISSVC /*ISSvc*/@ = "C:\Programmi\Norton Internet Security\ISSVC.exe"
    LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
    LkCitadelServer /*Lookout Citadel Server*/@ = C:\WINDOWS\system32\lkcitdl.exe
    lkClassAds /*National Instruments PSP Server Locator*/@ = C:\WINDOWS\system32\lkads.exe
    lkTimeSync /*National Instruments Time Synchronization*/@ = C:\WINDOWS\system32\lktsrv.exe
    navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
    NICCONFIGSVC /*NICCONFIGSVC*/@ = C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    NIDomainService /*National Instruments Domain Service*/@ = "C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe"
    RegSrvc /*RegSrvc*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
    SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
    SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
    Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
    SR_WatchDog /*Check Point SecuRemote WatchDog*/@ = C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    Symantec Core LC /*Symantec Core LC*/@ = C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    SymWSC /*SymWMI Service*/@ = "C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe"
    SysEit /*SysEit*/@ = "C:\:ssv.exe"
    TabletService /*TabletService*/@ = C:\WINDOWS\system32\Tablet.exe
    WLANKEEPER /*WLANKEEPER*/@ = C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
    wltrysvc /*Dell Wireless WLAN Tray Service*/@ = %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    @IntelZeroConfigC:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe = C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
    @IntelWirelessC:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless = C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    @UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
    @!ewido"C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
    @DLBTCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    @msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    @Everyday Auto BackupC:\Programmi\Everyday Auto Backup\AutoBackup.exe /1 /*file not found*/ = C:\Programmi\Everyday Auto Backup\AutoBackup.exe /1 /*file not found*/
    @BySoft FreeRAMC:\Programmi\BySoft FreeRAM\FreeRAM.exe = C:\Programmi\BySoft FreeRAM\FreeRAM.exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@WinUpdate.exe = C:\Programmi\Windows\WinUpdate.exe /*file not found*/

    HKLM\Software\Classes\.scr@ = C:\WINDOWS\NOTEPAD.EXE "%1"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    @{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
    @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\Office\OFFICE11\MLSHEXT.DLL = C:\Office\OFFICE11\MLSHEXT.DLL
    @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\Office\OFFICE11\OLKFSTUB.DLL = C:\Office\OFFICE11\OLKFSTUB.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Office\OFFICE11\msohev.dll = C:\Office\OFFICE11\msohev.dll
    @{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
    @{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
    @{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
    @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
    @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
    @{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
    @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
    @{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Programmi\Ahead\InCD\incdshx.dll = C:\Programmi\Ahead\InCD\incdshx.dll
    @{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Office\Visio11\VISSHE.DLL = C:\Office\Visio11\VISSHE.DLL
    @{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Office\Visio11\VISSHE.DLL = C:\Office\Visio11\VISSHE.DLL
    @{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    @{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
    @{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
    @{EF479680-EA35-4EA9-B093-7114F3E3E0DA} /*Directory Lister*/C:\Programmi\Directory Lister\DirListerExt.dll = C:\Programmi\Directory Lister\DirListerExt.dll
    @{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
    @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

  8. #8
    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
    Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    UltraEdit-32@{b5eedee0-c06e-11cf-8c56-444553540000} = C:\PROGRA~1\ULTRAE~1\ue32ctmn.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
    Copy To@0 =
    ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
    Move To@ =
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    DirLister@{EF479680-EA35-4EA9-B093-7114F3E3E0DA} = C:\Programmi\Directory Lister\DirListerExt.dll
    Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{694EA6CD-2462-8B8D-8291-F52E6F8E1381} = C:\WINDOWS\khrvd1.dll

    HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://xoomer.alice.it/mirkolibraschiineinstein/ = http://xoomer.alice.it/mirkolibraschiineinstein/
    @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
    its@CLSID = C:\WINDOWS\system32\itss.dll
    livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
    ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    ms-its@CLSID = C:\WINDOWS\system32\itss.dll
    msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

    HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

    C:\Documents and Settings\Librainstein\Menu Avvio\Programmi\Esecuzione automatica = Rainlendar.lnk

    ---- EOF - GMER 1.0.10 ----

  9. #9
    GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-07-11 15:44:33
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.10 ----

    SSDT d347bus.sys ZwClose
    SSDT 82ED8B60 ZwConnectPort
    SSDT d347bus.sys ZwCreateKey
    SSDT d347bus.sys ZwCreatePagingFile
    SSDT d347bus.sys ZwEnumerateKey
    SSDT d347bus.sys ZwEnumerateValueKey
    SSDT d347bus.sys ZwOpenKey
    SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
    SSDT 82E52810 ZwOpenThread
    SSDT d347bus.sys ZwQueryKey
    SSDT d347bus.sys ZwQueryValueKey
    SSDT d347bus.sys ZwSetSystemPowerState
    SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

    ---- Devices - GMER 1.0.10 ----

    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 829D5538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 829D5538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 829D5538
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 829D64B0

  10. #10
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 829D64B0
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 829D64B0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 829D64B0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 829D5538
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 829D5538
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_CREATE 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_CREATE_NAMED_PIPE 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_CLOSEIRP_MJ_READ 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_WRITE 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_QUERY_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SET_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_QUERY_EA 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SET_EA 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_FLUSH_BUFFERS 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_QUERY_VOLUME_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SET_VOLUME_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_DIRECTORY_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_FILE_SYSTEM_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_DEVICE_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_INTERNAL_DEVICE_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SHUTDOWN 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_LOCK_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_CLEANUP 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_CREATE_MAILSLOT 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_QUERY_SECURITY 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SET_SECURITY 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_POWER 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SYSTEM_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_DEVICE_CHANGE 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_QUERY_QUOTA 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_SET_QUOTA 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_PNP 829FF008
    Device \Driver\usbstor \Device\000000a7 IRP_MJ_PNP_POWER 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_CREATE 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_CREATE_NAMED_PIPE 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_CLOSEIRP_MJ_READ 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_WRITE 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_QUERY_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_SET_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_QUERY_EA 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_SET_EA 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_FLUSH_BUFFERS 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_QUERY_VOLUME_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_SET_VOLUME_INFORMATION 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_DIRECTORY_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_FILE_SYSTEM_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_DEVICE_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_INTERNAL_DEVICE_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_SHUTDOWN 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_LOCK_CONTROL 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_CLEANUP 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_CREATE_MAILSLOT 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_QUERY_SECURITY 829FF008
    Device \Driver\usbstor \Device\000000a8 IRP_MJ_SET_SECURITY 829FF008
