www.MegaLab.it

[Tetsuya1977]

La rinominazione non pare influire sul buon funzionamento dei tool. Se i file funzionano anche in presenza delle varianti più rognose di Gromozon ce lo siamo fatto a colazione, e per di più con relativa nonchalance

Se danno conferma che il sistema di rinominare i file funziona, lo inseriamo nell'articolo con i file rinominati allegati.

Lo posso mettere per iscritto

Funziona

Ma,attenzione,parlo per me

[Amantide]

Confermo anche io, funziona.
Un altra cosa che aiuta molto, è agire da un account diverso, si può anche creare uno nuovo in mancanza di un secondo account, oppure aggendo dalla modalità provvisoria, dopo essersi loggati come Administrator.

Un altra cosa, hai scordato di scrivere nell'articolo che ora si rischia di beccarsi il LinkOptimizer anche con Firefox.

W Opera!!

[The King of GnG]

Confermo anche io, funziona.
Un altra cosa che aiuta molto, è agire da un account diverso, si può anche creare uno nuovo in mancanza di un secondo account, oppure aggendo dalla modalità provvisoria, dopo essersi loggati come Administrator.

Un altra cosa, hai scordato di scrivere nell'articolo che ora si rischia di beccarsi il LinkOptimizer anche con Firefox.

W Opera!!

http://www.MegaLab.it/1168

http://www.MegaLab.it/1130

[Amantide]

Confermo anche io, funziona.
Un altra cosa che aiuta molto, è agire da un account diverso, si può anche creare uno nuovo in mancanza di un secondo account, oppure aggendo dalla modalità provvisoria, dopo essersi loggati come Administrator.

Un altra cosa, hai scordato di scrivere nell'articolo che ora si rischia di beccarsi il LinkOptimizer anche con Firefox.

W Opera!!

http://www.MegaLab.it/1168

http://www.MegaLab.it/1130

A parte che io personalmente non ho mai usato ne Opera 9.0 ne 9.01, me ne ero accorta che non erano perfetti, e sono passata direttamente da Opera 8.54 a 9.02.... non parlavo di sicurezza dei browser in generale ma solo di questo caso particolare, visto che dopo IE è stato preso di mira anche Firefox, ed ora nemmeno l'uso di Firefox ti può proteggere dalla infezzione con LinkOptimizer.
Ah, io con Opera non sono riuscità ad installare LO nemmeno volendo, ho dovuto chiedere a Marco di farmi il piacere e mandarmi il virus con un allegato.... chi cerca - non trova

[presley]

Che devo eliminare e cosa devo fare ?

Hai provato ad usare il file della prevx rinominato anche tu?
Dal primo al secondo log di hijackthis sono sparite molte cose

Utilizzando il tools della Nod, cancella questo file e anche il servizio come ha spiegato Amantide in precedenza.
UpdZaq /*UpdZaq*/@ = "C:\Programmi\Windows NT\DbKI.exe"

Controlla la presenza di questo file service32.exe nel tuo pc.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe

Ciao crazy e grazie per avermi risposto.
Si ho usato il file della prevx rinominato ed è andato a buon fine(per quel che ho potuto capire).
Poi come tu mhai detto ho eliminato il file DbKI.exe, ma nn ho capito poi come devo controllare la presenza del file service32.exe dal mio pc che tu hai descritto sopra.

Nell'attesa di una vostra risposta t'auguro di trascorrere una bella giornata e fatemi sapere anche se dopo questa .il mio pc per ora nn rischiera'.

[presley]

Ragazzi scusatemi ma mi ero dimenticato di scrivere che ringrazio The King of GnG per il tool rinominato Cpippo che mha fatto far funzionare i progr. Gmer Avenger ecce che prima nn mi si aprivono.

ghrazie ^_^

[Anathema]

Ciao ragazzi! Sono una nuova iscritta, e mi trovo qui per questo Gromozon o LinkOptimizer o come si chiama! Ho seguito diligentemente le regole per l'eliminazione manuale del trojan (poichè con il rootkit della Symantec e di Prevx mi diceva di averlo eliminato ma invece c'è ancora), e mi sono fermata come c'è scritto al punto 4 per mostrarvi il log di Gmer e sperare qualcuno di voi possa aiutarmi e darmi uno script valido per Avenger. Grazie in anticipo!

Ci tengo a precisare che di computer non ne so molto, vado a naso quindi volevo chiedervi: io ho provato a cercare per il punto 3 gestione del computer da cui spuntare l'opzione per mostrare i file e togliere invece quella sul nascondere, ma non l'ho trovato quindi sono arrivata a questo log saltando quella ricerca! In compenso il resto del punto che diceva di eliminare la cartella col nome dell'utenza l'ho fatto

Grazie!


GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-23 17:18:35
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = c:\windows\system32\userinit.exe,"c:\windows\cisconetwork.exe",

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@Zone Labs Client"C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Firewall\ZoneAlarm\zlclient.exe" = "C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Firewall\ZoneAlarm\zlclient.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLiteShell.dll = C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLiteShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Quick Time\iTunesMiniPlayer.dll = C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Quick Time\iTunesMiniPlayer.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLiteShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLiteShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{ED7C4CAA-F54D-1713-919B-E46F67F8694E}C:\WINDOWS\lqhxg1.dll /*file not found*/ = C:\WINDOWS\lqhxg1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.alice.it/ = http://www.alice.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cetihpz@CLSID = C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.4.3 = 192.168.4.3
@NameServer =
@DefaultGateway =
@Domain =

---- EOF - GMER 1.0.11 ----

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-23 17:28:12
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8198F788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8198F788
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 817F1DB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 817F1DB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B6EE92A0] vsdatant.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8198FEB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8198FEB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B6EE92A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8198F0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81852AA8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81628D48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81628D48
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81852AA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81852AA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_CREATE 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_CLOSE 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_INTERNAL_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_CLEANUP 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{440DB2D8-9DB3-4BB5-A9BB-6ECFDA1E2F28} IRP_MJ_PNP 8161B538
Device \Driver\00000072 \Device\0000004a IRP_MJ_POWER [F97A0F68] sptd.sys
Device \Driver\00000072 \Device\0000004a IRP_MJ_SYSTEM_CONTROL [F97B5A70] sptd.sys
Device \Driver\00000072 \Device\0000004a IRP_MJ_PNP [F97AE728] sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8161B538
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8161B538
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8161B538
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8161B538
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8161B538
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B6EE92A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_CREATE 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_CLOSE 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_INTERNAL_DEVICE_CONTROL 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_CLEANUP 8161B538
Device \Driver\NetBT \Device\NetBT_Tcpip_{0FF41485-F190-440E-B60B-5A4C11F186B1} IRP_MJ_PNP 8161B538
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8198FA40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8198FA40
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B6EE92A0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81352A58
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B6EE92A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B6EE92A0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81352A58
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81352A58
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 8166F5C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 8166F5C0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8198F0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8198F0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 818500E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 818500E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 816956E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 816956E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 817F1DB0
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 817F1DB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8134AA58
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8134AA58

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----



Spero sia tutto quello di cui avete bisogno

[Anathema]

Perdonatemi: mi sono dimenticata di dire che io con Myuninstaller ho eliminato Power Optimizer, che ho letto in altri forum essere veicolo del virus come LinkOptimizer e Gromozon (che non ho trovato nel mio pc).

[Plutojoe]

Domanda x i guru.

ora io mi sono imbattuto diverse volte nelle famigerate pagine tri colore.

e dopo aver seguito questi post ho fatto dei controlli.

Ora, il mio portatile risulta pulito, niete LinkOptimizer e Gromozon, ne rallentamenti, ne altri fatti che comportano questi 2 virus.

come sistema uso win xp pro, con tutte le patch, come antivirus uso Kaspersky Internet Security 6.0, e come browser quello di Avant (che dovrebbe utilizzare il motore di IE).

Come mai io non ne sono stato infettato, eppure come ho detto mi ci sono imbattuto diverse volte in quelle pagine.

ps.
i controlli li ho fatti con i tool di rimozione qui indicati, e le pagine dei siti che dovrebbero bloccare quei virus, me le apre tranquillamente.

[Amantide]

Come mai io non ne sono stato infettato, eppure come ho detto mi ci sono imbattuto diverse volte in quelle pagine.
.

Bella domanda sarà la questione di c.... scusate, il sedere

Io ho navigato per giorni senza risultati (per i scopi di studio ) su una marea di siti su quali solo qualche minuto fa qualcun altro si beccava il LO... ed invece io, che navigavo con IE, con antivirus, firewall ed antispyware disabilitati, sono riuscita a beccarmi solo un misero dialer , tant'è che alla fine ho dovuto chiedere al gentilissimo crazy.cat di mandarmelo con un allego...

[BilloKenobi]

@ Plutojoe

probabilmente avevi già installato le patch relative... quindi il tuo pc non era, e non è, vulnerabile a quel virus... buon per te

@ Anathema

oltre al Linkoptimizer hai un trojan.clicker... li eliminiamo entrambi con uno script solo...

estrai e avvia Avenger.exe

Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED7C4CAA-F54D-1713-919B-E46F67F8694E}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1

Files to delete:
C:\WINDOWS\lqhxg1.dll
C:\WINDOWS\service32.exe


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (che si trova in C:/avenger.txt) con l´esito dello script.

[crazy.cat]

Poi come tu mhai detto ho eliminato il file DbKI.exe, ma nn ho capito poi come devo controllare la presenza del file service32.exe dal mio pc che tu hai descritto sopra.

Start - cerca - file e cartelle e inserisce nel campo di ricerca il nome del file, oppure vai nella cartella e vedi se lo trovi.

[Plutojoe]

@ Plutojoe

probabilmente avevi già installato le patch relative... quindi il tuo pc non era, e non è, vulnerabile a quel virus... buon per te

beh questo ci avevo pensato pure io, però la cosa strana è che le famigerate pagine tri colore, mi ci sono imbattuto anche appena uscita stà piaga e quindi ancor prima che uscissero le patch relative, sensa rimanere infetto

[Anathema]

@ Anathema

oltre al Linkoptimizer hai un trojan.clicker... li eliminiamo entrambi con uno script solo...

estrai e avvia Avenger.exe

Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED7C4CAA-F54D-1713-919B-E46F67F8694E}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1

Files to delete:
C:\WINDOWS\lqhxg1.dll
C:\WINDOWS\service32.exe


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (che si trova in C:/avenger.txt) con l´esito dello script.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\glrwlhyf

*******************

Script file located at: \??\C:\Program Files\kavvosln.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\lqhxg1.dll not found!
Deletion of file C:\WINDOWS\lqhxg1.dll failed!

Could not process line:
C:\WINDOWS\lqhxg1.dll
Status: 0xc0000034



File C:\WINDOWS\service32.exe not found!
Deletion of file C:\WINDOWS\service32.exe failed!

Could not process line:
C:\WINDOWS\service32.exe
Status: 0xc0000034



Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED7C4CAA-F54D-1713-919B-E46F67F8694E} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






Temo brutte notizie Grazie comunque BilloKenobi!

[Anathema]

Questo è il log che mi viene fuori con HijackThis, se ti può essere di qualche utilità:

Logfile of HijackThis v1.99.1
Scan saved at 12.18.42, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Firewall\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Utente\Desktop\Silvia\Gromozon\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\cisconetwork.exe",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\Firewall\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Utente\Desktop\Silvia\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0414326937
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Anathema]

Infine sempre se ti può essere utile ho cercato nel regedit.exe e ho trovato una cartella di LinkOptimizer e una di CLSID.

[The King of GnG]

Allego la mail integrale che mi è stata inviata da Hardware Upgrade, nel caso fosse utile a qualcuno.

Caro utente di Hardware Upgrade,

è da qualche settimana che alcuni utenti ci segnalano problemi di visualizzazione e di accesso ad Hardware Upgrade con errori del tipo 'dominio non trovato' o simili, con tutti i browser.

Questo NON è un problema dei nostri server e non è un problema dal nostro lato tecnico: si tratta invece di un virus rootkit installato sul tuo pc chiamato GROMOZON che blocca l'accesso al nostro sito in quanto abbiamo pubblicato informazioni relative a questo virus.
www.hwupgrade.it non è l'unico dominio bloccato, ci sono molti domini di software house che producono antivirus e di siti che offrono metodi di rimozione di GROMOZON inclusi in questa lista.

Il link sottostante porta all'ultima versione del tool di rimozione sviluppato da PREVX, ovviamente accessibile da un dominio non incluso in questa lista:

http://151.1.244.111/fixgromozon.zip

Il link si riferisce ad un file presente sui nostri server.

Lo staff di Hardware Upgrade

[aris73]

Anathema
Lancia Hijackthis clic su "oper the misc tools section clic su"delete file on reboot e immetti:
c:\windows\cisconetwork.exe

fixa

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\cisconetwork.exe",

e riavvia

[BilloKenobi]

@ Anathema

fixa con hijackthis

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\cisconetwork.exe",
R3 - Default URLSearchHook is missing

e cancella la cartella LinkOptimizer nel regedit

[crazy.cat]

Aggiornato l'articolo e in serata spero che Zane abiliti anche il download dei tools rinominati, grazie all'idea del nostro King.

Adesso c'è anche la variante russa del virus si chiama gromoz.L
quindi attenzione anche sui siti esteri.