
Avenger and GMER


Post by trip » Sun Jan 28, 2007 6:07 pm

While it's true that I had no trouble reading the HijackThis log, I can't say the same for the GMER log [:p]. I'd like to learn how to interpret the various entries it contains [uhm].
Would someone be kind enough to give me some pointers?! [fischio]

Another problem: how do I "write" the script to put into the Avenger window, or where do I get it? [boh] [boh] [boh]

Thanks a lot for the replies
"Theory is when you know everything and nothing works... Practice is when everything works and nobody knows why!"
trip
Senior Member
Posts: 189
Joined: Sun Oct 29, 2006 8:49 pm

Post by Amantide » Sun Jan 28, 2007 7:10 pm

To read a GMER log you need at least a basic knowledge of Windows, of the main system processes and services, of the .exe and .dll file names of various programs, and so on... otherwise it becomes a long job, since you will have to search Google or elsewhere for every single entry.

Once you have identified the entries and files that should not normally be there on a "healthy" system, you can prepare the script to run with Avenger.
There is a guide on how to use Avenger on the site's homepage.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by trip » Sun Feb 18, 2007 7:52 pm

Thank you for your reply.
Just to go a bit deeper into the topic...
GMER found a rootkit on my PC, highlighting it in red.
If I go to the processes tab and select it, then in the lower part of the window, in the "Libraries" and "Threads" panes, some files appear (mostly libraries).
I assume these are all the files the rootkit refers to. Am I wrong?
Now... to remove every trace of the malicious file, do I have to delete all of these files?? Some of them, though, belong to the OS!!
What should I do?

Thanks a lot


Post by Amantide » Sun Feb 18, 2007 7:58 pm

And who told you that this rootkit is malicious? [uhm]

Anyway, once you have found the malicious rootkit, it will be enough to delete the rootkit itself.

Post by trip » Sun Feb 18, 2007 8:12 pm

First GMER told me so, and then I searched on Google to find out more.

"it will be enough to delete the rootkit itself"

By right-clicking on it and then choosing "Kill process", and then deleting it manually from the folder??

Post by Amantide » Sun Feb 18, 2007 8:14 pm

trip wrote: First GMER told me so, and then I searched on Google to find out more.

"it will be enough to delete the rootkit itself"

By right-clicking on it and then choosing "Kill process", and then deleting it manually from the folder??

Before answering you, I'd like to know the name of this rootkit [fischio] I wouldn't want to be responsible if you were to do some damage [acc2]

Post by trip » Sun Feb 18, 2007 8:19 pm

Thank you for your concern.
The file in question is "12155100116.exe", which installed itself in the directory c:/windows. I found information about it on the Prevx site.

And as for...

"If I go to the processes tab and select it, then in the lower part of the window, in the "Libraries" and "Threads" panes, some files appear (mostly libraries).
I assume these are all the files the rootkit refers to. Am I wrong?"

Thanks

Post by Amantide » Sun Feb 18, 2007 8:25 pm

All malicious files have to interact with system processes to do their dirty work, but this does not mean that to remove the viruses you also have to delete the system files.

I think you should open a new thread and post the Autostart and Rootkit logs, because that .exe file is not the only infected file on your system.

Post by trip » Sun Feb 18, 2007 9:22 pm

NO, it's not the only file. In fact, if the information I've gathered about it is correct, it creates another file named msnhp32.dll, also in the Windows folder.
Anyway, don't worry... I have no problem deleting these. I just wanted to understand a bit!

So, if I've understood correctly, all those files that appear in the "Libraries" and "Threads" tabs are the processes that my lovely file 12155100116.exe "attaches" to, and once it is deleted those processes shouldn't retain any malicious residue?

One last question and then I'll stop bothering you.
More generally, is there some command or program that lets me trace which registry key, .dll or other type of file may be created by an executable?
Let me explain better...
If I hadn't found information about 12155100116.exe, how could I have found the other files or registry keys it created? Is there some command, program or trick? Which one?

Given your patience and helpfulness, I'll at least buy you a coffee [:-H] [:-H]

Post by Amantide » Sun Feb 18, 2007 9:38 pm

So, the rootkit in question is the file msnhp32.dll and not 12155100116.exe [sh], and if you show me the GMER logs I can tell you the right script for Avenger.

trip wrote: So, if I've understood correctly, all those files that appear in the "Libraries" and "Threads" tabs are the processes that my lovely file 12155100116.exe "attaches" to, and once it is deleted those processes shouldn't retain any malicious residue?

Sometimes a virus does compromise legitimate system files, but fortunately that happens rarely. In the case of this infection it will be enough to delete only the malicious files.

trip wrote: More generally, is there some command or program that lets me trace which registry key, .dll or other type of file may be created by an executable?
Let me explain better...
If I hadn't found information about 12155100116.exe, how could I have found the other files or registry keys it created? Is there some command, program or trick? Which one?

Yes, there are, but it is very complex to do, so much so that I can find neither the time, nor the will, nor the courage to start doing it, even though it has been explained to me step by step. Basically, first you have to find out which packer the file in question was compressed with, then you have to find a program that lets you open that kind of packer and, above all, lets you get past the various protections... and in the end comes the best part... you will have to manage to interpret what you see [:D]

Post by trip » Mon Feb 19, 2007 11:51 pm

If you don't tell anyone [sh] I'll give you my logs...

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-19 22:38:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F708862C 5 Bytes JMP 8625F1C8
.text tcpip.sys!IPTransmit + 10B7 B2C10CFA 6 Bytes CALL F72243C0 Teefer.sys
.text tcpip.sys!IPTransmit + 24D9 B2C1211C 6 Bytes CALL F72243C0 Teefer.sys
.text tcpip.sys!IPTransmit + 4662 B2C142A5 6 Bytes CALL F72243C0 Teefer.sys
.text wanarp.sys F77513FD 4 Bytes CALL F7224510 Teefer.sys
.text wanarp.sys F7751402 2 Bytes [ 90, 90 ]

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[408] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F941783
.text C:\WINDOWS\explorer.exe[408] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 023E34ED; RET
.text C:\WINDOWS\explorer.exe[408] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 023E3650; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F926E83
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, 95 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, 95 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[1112] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F92B683
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, DD ]
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, DD ]
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F927783
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, 9E ]
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, 9E ]
.text C:\WINDOWS\system32\ctfmon.exe[1196] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F928583
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, AC ]
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, AC ]
.text C:\Programmi\IPM\Adsl\DataWay\dslstat.exe[1288] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\PROGRA~1\MOZILL~1\firefox.exe[1404] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F934983
.text C:\PROGRA~1\MOZILL~1\firefox.exe[1404] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 017034ED; RET
.text C:\PROGRA~1\MOZILL~1\firefox.exe[1404] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01703650; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2140] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F97C483
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2140] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 05EB34ED; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2140] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 05EB3650; RET
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F929F83
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, C6 ]
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, C6 ]
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865641E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F795D360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F795D580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F795D6A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F795D6D0] wpsdrvnt.sys
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_CREATE [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_CREATE_NAMED_PIPE [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_CLOSE [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_READ [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_WRITE [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_QUERY_INFORMATION [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SET_INFORMATION [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_QUERY_EA [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SET_EA [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_FLUSH_BUFFERS [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_QUERY_VOLUME_INFORMATION [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SET_VOLUME_INFORMATION [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_DIRECTORY_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_FILE_SYSTEM_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_DEVICE_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_INTERNAL_DEVICE_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SHUTDOWN [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_LOCK_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_CLEANUP [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_CREATE_MAILSLOT [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_QUERY_SECURITY [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SET_SECURITY [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_POWER [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SYSTEM_CONTROL [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_DEVICE_CHANGE [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_QUERY_QUOTA [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_SET_QUOTA [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 IRP_MJ_PNP [B26B85C0] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoCheckIfPossible [B26B4A13] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoRead [B26B4BD4] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoWrite [B26B4D4A] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoQueryBasicInfo [B26B4ECF] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoQueryStandardInfo [B26B509F] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoLock [B26B524D] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoUnlockSingle [B26B53F6] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoUnlockAll [B26B5571] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoUnlockAllByKey [B26B56BF] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoDeviceControl [B26B6BE9] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 AcquireFileForNtCreateSection [B26B6FCC] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 ReleaseFileForNtCreateSection [B26B70FE] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoDetachDevice [B26B723B] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoQueryNetworkOpenInfo [B26B5833] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 AcquireForModWrite [B26B5A02] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 MdlRead [B26B5B4C] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 MdlReadComplete [B26B5CBD] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 PrepareMdlWrite [B26B5E04] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 MdlWriteComplete [B26B5F88] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoReadCompressed [B26B60C2] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoWriteCompressed [B26B623E] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 MdlReadCompleteCompressed [B26B63C2] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 MdlWriteCompleteCompressed [B26B650D] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 FastIoQueryOpen [B26B665B] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 ReleaseForModWrite [B26B682B] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 AcquireForCcFlush [B26B6968] FILEM701.SYS
Device \Driver\FILEMON701 \Device\Filemon701 ReleaseForCcFlush [B26B6AA2] FILEM701.SYS
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 861A41E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 861A41E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE
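As an added example (not part of the original thread, and not code from GMER or Avenger), the Python sketch below parses the "System" and "User code sections" of a GMER 1.0.12 text log like the one posted above and groups the hooks so they can be researched entry by entry. The sample lines are copied, abbreviated, from that log; the function names, the reading of a trailing module name as the owner of the jump target, and the rule "same function patched in several processes with no named owner" are assumptions of this example, and the result is a research list, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied (abbreviated) from the GMER 1.0.12 log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT sptd.sys ZwEnumerateKey

---- Kernel code sections - GMER 1.0.12 ----

.text tcpip.sys!IPTransmit + 10B7 B2C10CFA 6 Bytes CALL F72243C0 Teefer.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[408] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F941783
.text C:\WINDOWS\explorer.exe[408] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 023E3650; RET
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F92B683
.text C:\Programmi\ESET\nod32kui.exe[1156] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\gmer.exe[2412] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F929F83
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2548] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "SSDT <hooking module> <hooked service>"; the service name is the last token.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+)\s+(?P<func>\S+)$")
# ".text <image>[pid] <dll>!<func> [+ offset] <address> <n> Bytes <patch>"
USER_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<func>\w+)(?:\s+\+\s+[0-9A-F]+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+\s+Bytes?\s+(?P<patch>.+)$"
)
# Assumption: a name after the JMP/CALL target is the module owning that address.
TARGET_RE = re.compile(r"^(?:JMP|CALL)\s+[0-9A-F]{8}(?:\s+(?P<owner>\S.*))?$")


def parse_gmer(text):
    """Return {'ssdt': [(module, func)], 'user': [hook dicts]} from a GMER log."""
    section, ssdt, user = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                ssdt.append((ntpath.basename(m["module"]).lower(), m["func"]))
        elif section == "User code sections":
            m = USER_RE.match(line)
            if m:
                target = TARGET_RE.match(m["patch"])
                user.append({
                    "image": ntpath.basename(m["image"]).lower(),
                    "pid": int(m["pid"]),
                    "api": f"{m['dll']}!{m['func']}",
                    "owner": target["owner"] if target else None,
                })
    return {"ssdt": ssdt, "user": user}


def ssdt_by_module(parsed):
    """Group hooked system services by the driver that hooks them."""
    grouped = defaultdict(list)
    for module, func in parsed["ssdt"]:
        grouped[module].append(func)
    return {module: sorted(funcs) for module, funcs in grouped.items()}


def unowned_hooks(parsed, min_procs=2):
    """APIs patched in >= min_procs processes where no owning module is named."""
    seen = defaultdict(lambda: defaultdict(set))  # api -> (image, pid) -> owners
    for hook in parsed["user"]:
        seen[hook["api"]][(hook["image"], hook["pid"])].add(hook["owner"])
    result = {}
    for api, per_proc in seen.items():
        unowned = sorted(img for (img, _), owners in per_proc.items()
                         if owners == {None})
        if len(unowned) >= min_procs:
            result[api] = unowned
    return result


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for module, funcs in ssdt_by_module(parsed).items():
        print(f"SSDT hooks by {module}: {', '.join(funcs)}")
    for api, images in unowned_hooks(parsed).items():
        print(f"{api} patched with no named owner in: {', '.join(images)}")
```

Each driver name and each flagged API in the output is then a single item to look up, which is the per-entry research described earlier in the thread.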

Post by Amantide » Tue Feb 20, 2007 1:30 pm

I get the feeling you've already removed a little something yourself, right? [:)]
You should also post the Autostart log for me; the Rootkit log alone is not enough to make a "diagnosis".

Post by trip » Sun Feb 25, 2007 3:08 pm

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-25 13:50:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F708862C 5 Bytes JMP 861991C8
.text tcpip.sys!IPTransmit + 10B7 B2C10CFA 6 Bytes CALL F72243C0 Teefer.sys
.text tcpip.sys!IPTransmit + 24D9 B2C1211C 6 Bytes CALL F72243C0 Teefer.sys
.text tcpip.sys!IPTransmit + 4662 B2C142A5 6 Bytes CALL F72243C0 Teefer.sys
.text wanarp.sys F77313FD 4 Bytes CALL F7224510 Teefer.sys
.text wanarp.sys F7731402 2 Bytes [ 90, 90 ]

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[1568] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F93AE83
.text C:\WINDOWS\explorer.exe[1568] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01D534ED; RET
.text C:\WINDOWS\explorer.exe[1568] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01D53650; RET
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F929F83
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, C6 ]
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, C6 ]
.text C:\WINDOWS\gmer.exe[1888] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F926D83
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, 94 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, 94 ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE[2320] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2548] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2848] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes JMP 3F9A6F83
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2848] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 089634ED; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2848] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 08963650; RET
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F92C183
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, E8 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, E8 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2864] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F92A583
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, CC ]
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, CC ]
.text C:\Programmi\ESET\nod32kui.exe[3096] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F927683
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, 9D ]
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, 9D ]
.text C:\WINDOWS\system32\ctfmon.exe[3364] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes JMP 3F92D283
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, ED, 34, F9 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 50, 36, F9 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3788] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865641E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865641E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 85F3D980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 85F3D980
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7945360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F7945580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F79456A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F79456D0] wpsdrvnt.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 862501E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865661E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865661E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 862501E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 862391E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 862391E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7945360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F7945580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F79456A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F79456D0] wpsdrvnt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 865D31E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862668F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862668F0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 865D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 865D21E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_CREATE 85DD1980
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_CLOSE 85DD1980
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_INTERNAL_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_CLEANUP 85DD1980
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} IRP_MJ_PNP 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 85DD1980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 85DD1980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 85DD1980
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F7945360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F7945580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F79456A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F79456D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F7945360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F7945580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F79456A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F79456D0] wpsdrvnt.sys
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_CREATE 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_CLOSE 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_READ 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_WRITE 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_DEVICE_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_INTERNAL_DEVICE_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_POWER 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_SYSTEM_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006a IRP_MJ_PNP 85C25680
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 862501E8
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_CREATE 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_CLOSE 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_READ 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_WRITE 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_DEVICE_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_INTERNAL_DEVICE_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_POWER 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_SYSTEM_CONTROL 85C25680
Device \Driver\USBSTOR \Device\0000006d IRP_MJ_PNP 85C25680
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 862501E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F7945360] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F7945580] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F79456A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F79456D0] wpsdrvnt.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85C32600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85C32600
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 862501E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 862501E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865D31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865D31E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 862391E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 862391E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CREATE 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CLOSE 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_DEVICE_CONTROL 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_POWER 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_SYSTEM_CONTROL 865651E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_PNP 865651E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85F3D980
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85F3D980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85B2F980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85B2F980

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\12155100116.exe (*** hidden *** ) 2660

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\LDN5MD03NE
Reg \Registry\MACHINE\SOFTWARE\LDN5MD03NE@LDN5MD03NE 0x01 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\LDN5MD03NE@LDN5MD03NE 0x01 0x00 0x00 0x00 ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\claud\Impostazioni locali\Temp:{215E4984-0C07-49DC-8012-3247783A10EE}

---- EOF - GMER 1.0.12 ----

Post by trip » Sun Feb 25, 2007 3:09 pm

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-02-25 13:49:55
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
SmcService /*Sygate Personal Firewall Pro*/@ = C:\Programmi\Sygate\SPF\smc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@EPSON Stylus DX3800 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\winhp32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 /*file not found*/ = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6C9E9727-C2CD-4FE5-87B4-4179BD5ED60E} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.12 = 192.168.1.12
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = imon.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.12 ----

Post by Amantide » Sun Feb 25, 2007 3:37 pm

Run this script with Avenger:

Files to delete:
C:\WINDOWS\12155100116.exe
C:\WINDOWS\winhp32.exe
C:\WINDOWS\msnhp32.dll

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1


Then start HijackThis, go to Open the Misc Tools section --> Open ADS spy..., uncheck Quick scan and press Scan.
When the scan has finished, find and select the following entry and press Remove selected:
C:\Documents and Settings\claud\Impostazioni locali\Temp:{215E4984-0C07-49DC-8012-3247783A10EE}

Afterwards, from Safe Mode, empty all the temporary folders.
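An added example, not part of the thread and not code from GMER or Avenger: a small Python parser for the autostart layout seen in the log above ("key@value = data" lines and "key >>>" groups), with a triage heuristic that lists Run-key values pointing at binaries directly in the Windows folder. The heuristic, the function names and the sample lines are assumptions of this example.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    key: str    # registry key (or folder path for file-system autostarts)
    value: str  # value name, "" when the line carries none
    data: str   # what the value points at

def parse_gmer_autostart(text):
    """Parse 'key@value = data' lines and 'key >>>' groups into Entry records."""
    entries, group = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            group = None                      # blank line or banner closes a group
            continue
        if line.endswith(">>>"):
            group = line[:-3].strip().rstrip("\\")
            continue
        left, sep, data = line.partition(" = ")
        if not sep:
            continue                          # e.g. "@Domain =" with empty data
        prefix, _, value = left.partition("@")
        if group is None:
            key = prefix
        else:
            key = group + "\\" + prefix if prefix else group
        entries.append(Entry(key, value, data.strip().strip('"')))
    return entries

# Heuristic (assumption of this example): a Run/RunOnce value whose target is a
# binary sitting directly in the Windows root deserves a manual look.
AUTORUN_KEY = re.compile(r"\\Run(Once)?$", re.I)
WINROOT_BINARY = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.(exe|dll|scr)$", re.I)

def review_candidates(entries):
    return [e for e in entries
            if AUTORUN_KEY.search(e.key) and WINROOT_BINARY.match(e.data)]

# Constructed sample in the log's layout; pairing value "1" with this file is assumed.
SAMPLE = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\12155100116.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr
"""

if __name__ == "__main__":
    for e in review_candidates(parse_gmer_autostart(SAMPLE)):
        print(f"review: {e.key} | {e.value} -> {e.data}")
```

The output is a list of entries to look up by hand, not a verdict: each one still has to be checked against what is known about the system before it goes into a removal script.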



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising