www.MegaLab.it

[Grifis]

Salve a tutti, mi chiamo Antonio e mi sono appena iscritto.

Vengo subito al mio problema: da stamattina, ogni volta che vado ad accendere il pc ricevo un errore del tipo Rundll32.exe - Errore nell'applicazione 0xc 0000005 e ho notato che alcuni programmi non venivano più caricati correttamente (lanciato l'eseguibile mi parte lo Sfoglia...)

Pensando a qualche virus ho cercato sulla rete e ho letto su questo sito l'articolo, estremamente ben fatto, complimenti all'autore , sul virus Bangle e ho notato che in effetti i programmi che non mi si caricavano erano proprio il firewall, Sygate, Spybot, e altri simili (anche se in realtà ho malfunzionamenti anche su altri programmi, tipo Drive rescue).

Allora ho effettuato tutta la procedura prevista nell'articolo ma, probabilmente perché non sono in grado di crearmi uno script appropriato per avenger, non sono riuscito a correggere il problema. Posto di seguito le scansioni che ho effettuato con gmer



GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-17 13:51:40
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = PAVWAIT.DLL

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
BAsfIpM /*Broadcom ASF IP monitoring service v6.0.3*/@ = C:\WINDOWS\System32\basfipm.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
matlabserver /*MATLAB Server*/@ = C:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SCardSvr /*smart card*/@ = %SystemRoot%\System32\SCardSvr.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
wltrysvc /*Dell Wireless WLAN Tray Service*/@ = %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /installquiet = nwiz.exe /installquiet
@ApointC:\Programmi\Apoint\Apoint.exe = C:\Programmi\Apoint\Apoint.exe
@bascstrayBascsTray.exe /*file not found*/ = BascsTray.exe /*file not found*/
@Dell QuickSetC:\Programmi\Dell\QuickSet\quickset.exe = C:\Programmi\Dell\QuickSet\quickset.exe
@DVDSentryC:\WINDOWS\System32\DSentry.exe = C:\WINDOWS\System32\DSentry.exe
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@APVXDWIN"C:\Programmi\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s /*file not found*/ = "C:\Programmi\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@EPSON Stylus CX3600 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui /*file not found*/ = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui /*file not found*/
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@Babylon ClientC:\Programmi\Babylon\Babylon.exe -AutoStart = C:\Programmi\Babylon\Babylon.exe -AutoStart
@ISUSPM StartupC:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
@ISUSScheduler"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start = "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
@Dell Wireless Manager UIC:\WINDOWS\system32\WLTRAY = C:\WINDOWS\system32\WLTRAY
@ISUSPM"C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -scheduler = "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -scheduler
@hrersfucC:\xbaxhahh.bat /*file not found*/ = C:\xbaxhahh.bat /*file not found*/
@uraddqyiC:\qrfbphdf.bat /*file not found*/ = C:\qrfbphdf.bat /*file not found*/
@pvihudkqC:\yxxocksb.bat /*file not found*/ = C:\yxxocksb.bat /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@NBJ"C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" = "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
@EPSON Stylus CX3600 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" ? ? ? ??? p?? g??w0??w????*??w???w O??w? ? ? <?W ???w ??? ? T?? ??? g??w???w???????w???w(?W ? ???w ? ??? ???|??? ? (?W ? O??ws??w???w'??w? ? T?? ?? : ??? 8? W? 4?? ?a?w? ? ? P?? ? ???? T?? ?b?w ? P?? ?S????? ? ??? h??w ? P?? z??wP?? ? 8?? ?? `? = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" ? ? ? ??? p?? g??w0??w????*??w???w O??w? ? ? <?W ???w ??? ? T?? ??? g??w???w???????w???w(?W ? ???w ? ??? ???|??? ? (?W ? O??ws??w???w'??w? ? T?? ?? : ??? 8? W? 4?? ?a?w? ? ? P?? ? ???? T?? ?b?w ? P?? ?S????? ? ??? h??w ? P?? z??wP?? ? 8?? ?? `?
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{2F25CF20-C569-11D1-B94C-00608CB45480} /*TextPad*/C:\Programmi\TextPad 4\System\shellext.dll = C:\Programmi\TextPad 4\System\shellext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda Antivirus*/C:\Programmi\Panda Software\Panda Antivirus Titanium\ShellTit.DLL = C:\Programmi\Panda Software\Panda Antivirus Titanium\ShellTit.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Telefoni personali*/C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll = C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*SnagIt*/C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll = C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
@{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Programmi\TechSmith\SnagIt 7\SnagItShellExt.dll = C:\Programmi\TechSmith\SnagIt 7\SnagItShellExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} /*TIShelEx Shell Extension*/C:\PROGRA~1\FILECO~1\TISHAR~1\TICONN~1\TIShlExt.dll = C:\PROGRA~1\FILECO~1\TISHAR~1\TICONN~1\TIShlExt.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Antivirus Titanium\ShellTit.DLL
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 7\SnagItShellExt.dll
TextPad@{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Programmi\TextPad 4\System\shellext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 7\SnagItShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Antivirus Titanium\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00C6482D-C502-44C8-8409-FCE54AD9C208}C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll = C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll = C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.euro.dell.com/ = http://www.euro.dell.com/
@Start Pagehttp://www.euro.dell.com/ = http://www.euro.dell.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.euro.dell.com/ = http://www.euro.dell.com/
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BE3D6D4-C8FA-4BF7-97A3-11EA55EF19F6} /*Connessione rete senza fili*/ >>>
@IPAddress192.168.0.21 = 192.168.0.21
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28DE0388-A502-40BF-96E0-E72DA1BDB7A2} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.100.1 = 192.168.100.1
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\Antonio\Menu Avvio\Programmi\Esecuzione automatica = DESKTOP.INI

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
DESKTOP.INI = DESKTOP.INI
Digital Line Detect.lnk = Digital Line Detect.lnk

---- EOF - GMER 1.0.12 ----

___________________________________________________________

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-17 13:51:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT d346bus.sys ZwClose
SSDT d346bus.sys ZwCreateKey
SSDT d346bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT d346bus.sys ZwOpenFile
SSDT d346bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT d346bus.sys ZwQueryKey
SSDT d346bus.sys ZwQueryValueKey
SSDT d346bus.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text tcpip.sys!IPTransmit + 10BC F5EEFCFA 6 Bytes CALL F8316E50 Teefer.sys
.text tcpip.sys!IPTransmit + 2810 F5EF144E 6 Bytes CALL F8316E50 Teefer.sys
.text tcpip.sys!ARPRcv + 506D F5EF64E0 6 Bytes CALL F8316E50 Teefer.sys
.text wanarp.sys F86593FD 4 Bytes CALL F8316FA0 Teefer.sys
.text wanarp.sys F8659402 2 Bytes [ 90, 90 ]

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[616] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\MsnMsgr.Exe

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82F8E268
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82A3C480
Device \Driver\USBSTOR \Device\0000009c IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C4D60] sfsync02.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F769E220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F769E480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F769E5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F769E5D0] wpsdrvnt.sys
Device \Driver\USBSTOR \Device\0000009d IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C4D60] sfsync02.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F769E220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F769E480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F769E5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F769E5D0] wpsdrvnt.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1FF6458
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1FF6458
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1FF6458
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82C5F598
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82C5F598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82800C10
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82C5F598
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82C5F598
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 82B8B2C8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 82B8B2C8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E18AB230
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E18AB230
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E18AB230
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 82A612F8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F769E220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F769E480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F769E5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F769E5D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F769E220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F769E480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F769E5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F769E5D0] wpsdrvnt.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 828007E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F769E220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F769E480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F769E5A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F769E5D0] wpsdrvnt.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 828007E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 829C67D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82AC2B80
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_READ 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE_NAMED_PIPE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CLOSE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_READ 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_WRITE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_EA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_EA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_FLUSH_BUFFERS 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_VOLUME_INFORMATION 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DIRECTORY_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DEVICE_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SHUTDOWN 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_LOCK_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CLEANUP 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE_MAILSLOT 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_SECURITY 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_SECURITY 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_POWER 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SYSTEM_CONTROL 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DEVICE_CHANGE 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_QUOTA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_QUOTA 82B65C70
Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_PNP 82B65C70
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82A3C480
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 829AC6A0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 829AC6A0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 829AC6A0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 829AC6A0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 829AC6A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 829AB768

---- Modules - GMER 1.0.12 ----

Module _________ F8434000

---- EOF - GMER 1.0.12 ----


C'è qualcuno che sa dirmi cosa c'è che ancora non va?

Grazie a tutti

[Amantide]

Ciao e benvenuto... e grazie mille per i complimenti

Mi potresti postare i log di Avenger (ho visto che l'hai usato per ben 3 volte), quelli che si trovano in C:\Avenger? Cosi posso vedere se hai già eliminato qualcosa.

[Amantide]

Ho controllato il log di Gmer e devo dire che è pulito.
Cosa intendevi dicendo che non sei riuscito a correggere il problema? Che i programmi continuano a non funzionare? Se si trattava veramente di Bagle, in tal caso, purtroppo, dovevi reinstallare daccapo i programmi corrotti.
Intanto postami i log di Avenger e poi vediamo il da farsi.

[Grifis]

Mi potresti postare i log di Avenger (ho visto che l'hai usato per ben 3 volte)

Sì, in effetti l'ho usato più volte con vari script che avevi già fatto per altri utenti sul forum
L'unico log che ho trovato si riferisce all'ultima volta che l'ho usato, quindi non so quanto sia attendibile... Quello che di sicuro ti posso dire è che la prima volta che ho usato avenger, con lo script "tipo" che ho trovato sull'articolo, ho sicuramente rimosso la cartella exefld, la cartella hdires, l' hidr.exe, mentre non c'era il file hldrrr... la voce di registro drvsyskit l'ho rimossa manualmente in quanto avenger non riusciva a togliermela (mi dava errore con la linea HKCU...). Il log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hxpyeykm

*******************

Script file located at: \??\C:\Program Files\oecbkvsf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



Could not open file C:\Documents and Settings\Antonio\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\Antonio\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C:\Documents and Settings\Antonio\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Antonio\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\Antonio\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\Antonio\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



File C:\Windows\System32\wintems.exe not found!
Deletion of file C:\Windows\System32\wintems.exe failed!

Could not process line:
C:\Windows\System32\wintems.exe
Status: 0xc0000034



Folder C:\Documents and Settings\Antonio\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\Antonio\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\Antonio\Dati applicazioni\hidires
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pqbvbnjv

*******************

Script file located at: \??\C:\WINDOWS\eeqmxxem.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ucldcpca

*******************

Script file located at: \??\C:\Documents and Settings\jbpqkosa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rongjapy

*******************

Script file located at: \??\C:\WINDOWS\asjyvahq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\elist.xpt not found!
Deletion of file C:\WINDOWS\system32\elist.xpt failed!

Could not process line:
C:\WINDOWS\system32\elist.xpt
Status: 0xc0000034



File C:\WINDOWS\re_file.exe not found!
Deletion of file C:\WINDOWS\re_file.exe failed!

Could not process line:
C:\WINDOWS\re_file.exe
Status: 0xc0000034



File C:\error.gif not found!
Deletion of file C:\error.gif failed!

Could not process line:
C:\error.gif
Status: 0xc0000034



File C:\temp.zip not found!
Deletion of file C:\temp.zip failed!

Could not process line:
C:\temp.zip
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Cosa intendevi dicendo che non sei riuscito a correggere il problema? Che i programmi continuano a non funzionare?

Allora, Sygate e Spybot non mi si avviano, nel senso che mi si è modificata l'icona (ad es su sygate non ci sono più le due frecce ma c'è l'icona exe generica) e quando lancio l'exe mi parte lo 'Sfoglia', in quanto ho visto che nelle cartelle principali dei programmi effettivamente non ci sono più gli exe... Molti altri programmi non so bene perché ma (ad es Drive Rescue o FootBall Manager) non posso più disinstallarli, quando provo mi dice che manca il file uninst000.msg o qcosa del genere... E l'altra cosa strana è che, dopo aver usato avenger e aver riavviato il computer come mi chiede lui, se provo, dopo il riavvio, a riaprire avenger mi esce questo messaggio: Integrity check failed! This file has been modified. Reason might be a possible virus infection!

[Amantide]

Prova a reinstallare i programmi che non si avviano più e vedi se riesci a fare la scansione con Kaspersky online e poi posta qui il log.

Ah! Non reinstallare Sygate, è vecchio e superato e non si aggiorna più, e al posto di Spybot metti A-squared o SuperAntispyware, con quali dovresti eseguire la scansione completa del sistema il prima possibile.

***edit***
Hai fatto la pulizia del registro come era scritto nell'articolo?

Pulizia registro
Aprite il Registro di sistema (Start Esegui digitate REGEDIT Ok)

Espandete le voci fino ad arrivare a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Nella scheda a destra trovate ed eliminate questi valori (Tasto destro Elimina):
hldrrr
drvsyskit
german.exe

Nello stesso modo, eliminate anche le seguenti chiavi:
HKEY_CURRENT_USER\Software\DateTime4
HKEY_CURRENT_USER\Software\FirstRRRun.

La scansione e pulizia con CCleaner?

[Grifis]

Il link Kaspersky online mi dà la page non found, cosa faccio scarico il programma?
Ho scaricato gli altri software che mi hai consigliato, ora li uso e ti faccio sapere cosa ne viene fuori
Ah, per il firewall al posto di Sygate cosa mi consigli?

Nello stesso modo, eliminate anche le seguenti chiavi:
HKEY_CURRENT_USER\Software\DateTime4
HKEY_CURRENT_USER\Software\FirstRRRun

Questo non l'ho fatto, ora provvedo

[Amantide]

Il link Kaspersky online mi dà la page non found, cosa faccio scarico il programma?

Scusa, avevo "mangiato" la R finale nel link, quello esatto è questo http://www.kaspersky.com/virusscanner

Ah, per il firewall al posto di Sygate cosa mi consigli?

Comodo Firewall

[Grifis]

Non ho effettuato l'analisi con kaspersky perché i problemi li ho sul portatile e al momento non posso connetterlo ad Internet, cercherò di farlo domani...

comunque, dopo aver effettuato la pulizia con CCleaner e le scansioni con ASquared e SuperAntiSpyware (che mi hanno rilevato solo questo, C:\Programmi\WinRAR\ZIP.SFX rilevati: Trojan.Win32.Agent.tz), ho notato che non mi dà più l'errore in avvio (quello con rundll32) né Avenger mi dà quel messaggio di file corrotto dopo aver cancellato con CCleaner questa voce dall'avvio:

@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Ho fatto qualche danno?

Poi comunque resta il fatto che non posso disinstallare alcuni programmi (Sygate sono riuscito a disinstallarlo), non so se dico una sciocchezza ma è possibile che si sia corrotto l'Uninstall Shield?

[Amantide]

Non ho effettuato l'analisi con kaspersky perché i problemi li ho sul portatile e al momento non posso connetterlo ad Internet, cercherò di farlo domani...

Non ti preoccupare, serviva solo per fare la verifica incrociata.

comunque, dopo aver effettuato la pulizia con CCleaner e le scansioni con ASquared e SuperAntiSpyware (che mi hanno rilevato solo questo, C:\Programmi\WinRAR\ZIP.SFX rilevati: Trojan.Win32.Agent.tz),

Eppure non sembra un file cattivo

ho notato che non mi dà più l'errore in avvio (quello con rundll32) né Avenger mi dà quel messaggio di file corrotto dopo aver cancellato con CCleaner questa voce dall'avvio:

@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Ho fatto qualche danno?

Un danno - no, caso mai hai disabilitato qualche funzione della scheda video. A questo punto ti direi che l'errore di rundll32 era dovuto ai problemi con i driver della scheda video. Disinstallali completamente, fai la pulizia con CCleaner e reinstalla i driver aggiornati.

Poi comunque resta il fatto che non posso disinstallare alcuni programmi (Sygate sono riuscito a disinstallarlo), non so se dico una sciocchezza ma è possibile che si sia corrotto l'Uninstall Shield?

Può essere che certi programmi per essere disinstallati richiedono la presenza di tutti file, e scoprendo l'assenza di qualche file ti negano la disinstallazione.
Prova a reinstallare quei programmi prima di disinstallarli, oppure usa MyUninstaller.
Se riesci posta lo screenshot dell'errore che ricevi durante la disinstallazione.

[Grifis]

Boh, pensavo di aver risolto qualcosa e invece...
L'unica cosa sicura è che l'errore rundll come dicevi tu era la scheda video, infatti mi aveva già lanciato dei messaggi strani in passato...
Per quanto riguarda avenger invece continua a darmi quel messaggio di file corrotto da virus e la disinstallazione non riesco farla più o meno per il 60% dei programmi, né dal pannello di controllo né con MyUninstaller, i messaggi che mi dà sono questi due:





Mi sa che comunque ora vado a leggermi l'articolo su come formattare XP

[Amantide]

Prova a fare come ti avevo suggerito prima, reinstalla quei programmi sopra, in questo modo i file mancanti verranno rimpiazzati.

[Grifis]

Prova a fare come ti avevo suggerito prima, reinstalla quei programmi sopra, in questo modo i file mancanti verranno rimpiazzati.

Sì, ho provato e così le cose vanno... Solo che per quei programmi di cui non ho il setup (ad es del Panda Antivirus non ce l'ho più) posso fare qualcosa?

comunque grazie di tutto l'aiuto Amantide, se stata gentilissima

[Amantide]

Se non hai il setup ma hai il codice seriale, potresti tentare di installare la versione trial sopra, altre vie non le vedo.

[elfoLiNk]

usa la trial di yuor unistaller 2006

[Grifis]

Grazie a tutti per i consigli, ma ormai la situazione è diventata ingestibile, oggi ho provato a connettermi per effettuare la scansione con kaspersky e ho visto che non funzionano più neanche i browser, nè Explorer e nè Firefox, quindi ormai la cosa migliore da fare è formattare.

Grazie soprattutto ad Amantide per la pazienza e i preziosi consigli, ne farò tesoro

[Grifis]

Aggiornamento: ho scoperto che oltre a Bagle ho preso anche Tenga, me l'ha rilevato il Panda del fisso quando li ho collegati in rete... E' possibile che abbiano agito "in cooperazione"? Cioè: Bagle mi ha disattivato firewall e Antivirus e poi Tenga mi ha "mangiato" tutti gli exe?

[Amantide]

Penso che Tenga te lo sei beccato successivamente, perché nel tuo log di Gmer non si vedeva la sua presenza. Conta che a causa di Bagle eri rimasto senza alcun programma di sicurezza attivo, in quelle circostanze non era difficile beccarsi altri virus e non accorgersene nemmeno.

***edit***

Ah, dimenticavo. Si, infettare tutti file .exe è proprio la caratteristica principale del virus Tenga.

[Grifis]

Penso che Tenga te lo sei beccato successivamente, perché nel tuo log di Gmer non si vedeva la sua presenza. Conta che a causa di Bagle eri rimasto senza alcun programma di sicurezza attivo, in quelle circostanze non era difficile beccarsi altri virus e non accorgersene nemmeno.

Sì, è andata sicuramente così... Infatti la cartella exefld, ossia Bagle, l'avevo notata già verso metà dicembre ma allora non mi ero accorto che mi avesse disattivato firewall e antivirus, e a parte quello tutto funzionava correttamente... Si vede che l'altra mattina invece ho preso Tenga e da lì sono inziati i problemi...

C'è modo di togliere Tenga senza formattare?

[Amantide]

Se non riesci a rimuoverlo con Panda, prova questo removal tool oppure crea questo cd http://www.MegaLab.it/2629

[Grifis]

Allora, con Avast ho tolto una marea di Tenga presenti praticamente in qualunque exe del disco fisso... Grazie a questo ha ripreso a funzionarmi Explorer, ho effettuato la scansione con kaspersky e mi dà questo report:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 20, 2007 2:58:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/01/2007
Kaspersky Anti-Virus database records: 245842
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Antonio\IMPOST~1\Temp\

Scan Statistics:
Total number of scanned objects: 18512
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:18:06

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\e4ac27a2ea522843a3ebeab97d7138c0\dfsvc.ni.exe Infected: Virus.Win32.Tenga.a skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\alg.exe Infected: Virus.Win32.Tenga.a skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1896 Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped

Scan process completed.

Devo rimuovere le due voci Infected? E se sì lo faccio con Avenger?