Punto informatico Network

Hi, who can analyse the GMER script below for me?


Post by Wine&food » Mon Feb 05, 2007 5:50 pm

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-02-04 19:50:18
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@UpdRegD:\WINDOWS\Updreg.exe = D:\WINDOWS\Updreg.exe
@AHQInitD:\Programmi\Creative\SBLive\Program\AHQInit.exe = D:\Programmi\Creative\SBLive\Program\AHQInit.exe
@NeroFilterCheckD:\WINDOWS\system32\NeroCheck.exe = D:\WINDOWS\system32\NeroCheck.exe
@TkBellExe"D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@nwiznwiz.exe /install = nwiz.exe /install
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@drvsyskitD:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/ = "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" /*file not found*/
@Windows Registry Repair ProD:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/ = D:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/D:\WINDOWS\System32\extmgr.dll = D:\WINDOWS\System32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/D:\WINDOWS\system32\nvcpl.dll = D:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/D:\WINDOWS\system32\nvshell.dll = D:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/D:\PROGRA~1\WINZIP\WZSHLSTB.DLL = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programmi\Real\RealPlayer\rpshell.dll = D:\Programmi\Real\RealPlayer\rpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} /*iolo Context Defrag*/(null) =
@{46E22146-59C0-4136-9233-FB7720E777B2} /*EzCddax extension*/D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/D:\Programmi\iTunes\iTunesMiniPlayer.dll = D:\Programmi\iTunes\iTunesMiniPlayer.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2F860D81-AF3C-11D4-BDB3-00E0987D8540} /*UltimateZip Shell Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
EzCddax@{46E22146-59C0-4136-9233-FB7720E777B2} = D:\Programmi\Easy CD-DA Extractor 10\ezcddax10.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DCShell@{28A5BD64-8D1F-4893-AC13-DC300D242848} = D:\Programmi\DriveCleaner 2006\DCShell.dll
SM_ContextDefrag@{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/ = D:\Documents and Settings\utente\Desktop\Spybot - Search & Destroy\SDHelper.dll /*file not found*/
@{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll = D:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageD:\WINDOWS\SYSTEM32\blank.htm = D:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\System32\itss.dll
lid@CLSID = D:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\System32\itss.dll
ms-itss@CLSID = D:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = D:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-04 19:48:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT vax347b.sys ZwClose
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT vax347b.sys ZwCreateKey
SSDT vax347b.sys ZwCreatePagingFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT vax347b.sys ZwOpenKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT vax347b.sys ZwQueryValueKey
SSDT vax347b.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B8E520
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81664030
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 818F0EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 812B1830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 818F0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 818F0EB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8190B6B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8190B6B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL
No one is alone as long as, at night, there is someone who lies awake thinking of him.....
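As an added example (not GMER's code and not part of the original post), here is a small Python triage helper for text logs like the one above: it parses the SSDT lines of the rootkit scan and the Run entries of the autostart scan, and flags handlers that live outside the Windows or Program Files tree, or that hook the kernel services a rootkit needs to hide files, registry keys and processes, which is exactly the pattern m_hook.sys shows in this log. The embedded log excerpt is constructed from the entries posted above, and the trusted-path list assumes an Italian Windows XP install ("Programmi" = Program Files) with the system drive on C: or D:.

```python
"""GMER log triage: flags SSDT hooks and Run entries that point outside the
Windows / Program Files tree, or that hook the kernel services rootkits use
to hide files, registry keys and processes."""
import re

# Kernel services whose hooking is the classic signature of a hiding rootkit.
HIDING_SERVICES = {"ZwQueryDirectoryFile", "ZwEnumerateKey", "ZwEnumerateValueKey",
                   "ZwQueryKey", "ZwQuerySystemInformation"}

# Assumption: Italian Windows XP ("Programmi" = Program Files), system drive C: or D:.
TRUSTED_PREFIXES = ("%systemroot%\\", "c:\\windows\\", "d:\\windows\\",
                    "c:\\programmi\\", "d:\\programmi\\", "c:\\progra~1\\", "d:\\progra~1\\")

# "SSDT <handler module> <Zw service>"; the module path may contain spaces.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<service>Zw\w+)\s*$")

def normalize_path(path):
    # Drop quotes and GMER's NT-namespace prefix (\??\), compare case-insensitively.
    path = path.strip().strip('"')
    return (path[4:] if path.startswith("\\??\\") else path).lower()

def is_trusted_location(path):
    # A bare file name is a driver GMER resolved in the standard driver directory;
    # anything carrying a path must sit under a trusted prefix.
    path = normalize_path(path)
    return "\\" not in path or path.startswith(TRUSTED_PREFIXES)

def exe_path(cmd):
    # First executable of a Run command: quoted, or unquoted and possibly containing spaces.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    i = cmd.lower().find(".exe")
    return cmd[:i + 4] if i != -1 else cmd.split(" ")[0]

def parse_ssdt(lines):
    # (module, service) for every SSDT hook line.
    hits = [SSDT_RE.match(ln.strip()) for ln in lines]
    return [(m.group("module"), m.group("service")) for m in hits if m]

def parse_run_entries(lines):
    # GMER prints "@Name<cmd> = <cmd>" under a "...\Run >>>" header; the name is
    # what remains of the left field once the command is stripped from its end.
    entries, in_run = [], False
    for line in lines:
        s = line.strip()
        if s.endswith(">>>"):
            in_run = s.startswith(("HKLM\\", "HKCU\\")) and "\\Run" in s
        elif not s:
            in_run = False            # a blank line closes the section
        elif in_run and s.startswith("@"):
            left, sep, cmd = s.rpartition(" = ")
            if sep:
                name = left[1:]
                if name.endswith(cmd):
                    name = name[:-len(cmd)]
                entries.append((name, cmd))
    return entries

def triage(lines):
    # Returns (section, entry, reasons) for every suspicious entry.
    findings = []
    for module, service in parse_ssdt(lines):
        reasons = []
        if not is_trusted_location(module):
            reasons.append("hook handler outside the system directory")
        if service in HIDING_SERVICES:
            reasons.append("hooks a service used to hide files/keys/processes")
        if reasons:
            findings.append(("SSDT", f"{service} -> {module}", reasons))
    for name, cmd in parse_run_entries(lines):
        reasons = []
        if not is_trusted_location(exe_path(cmd)):
            reasons.append("autostart outside Windows/Program Files")
        if "/*file not found*/" in cmd:
            reasons.append("stale entry: target file missing")
        if reasons:
            findings.append(("RUN", f"{name} -> {cmd}", reasons))
    return findings

# Constructed excerpt modelled on the scan posted in the thread.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
@AVG7_CCD:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/ = D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@drvsyskitD:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe = D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe

---- System - GMER 1.0.12 ----

SSDT vax347b.sys ZwClose
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
"""

if __name__ == "__main__":
    for section, entry, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"[{section}] {entry}\n    " + "; ".join(reasons))
```

Run against a full GMER log (`triage(open(path).read().splitlines())`) the benign entries (vax347b.sys, ctfmon.exe, the NVIDIA RUNDLL32 lines) stay silent while the two m_hook.sys hooks and the hidr.exe autostart come out first.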

Post by Amantide » Mon Feb 05, 2007 6:05 pm

Hi and welcome [:)]

Bad news, it's the Bagle worm.

Read this article and if you need help, let us know [;)]
...to fly high, you have to know how to fall...

script for avenger

Post by Wine&food » Mon Feb 05, 2007 6:22 pm

I'm not able to prepare a script for Avenger, can you help me? thanks


Post by Amantide » Mon Feb 05, 2007 6:29 pm

Here it is:

Files to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe

Folders to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires
D:\WINDOWS\exefld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


When the PC restarts, a Notepad file with the result of the operation should appear; post it here for me.

avenger gives me an error

Post by Wine&food » Mon Feb 05, 2007 6:37 pm

Error: selected file does not appear to be a valid script.
what do I do?

Post by Amantide » Mon Feb 05, 2007 6:48 pm

Did you paste only the part highlighted in bold?
Try running the script from Safe Mode (F8 at startup).

yes I pasted...

Post by Wine&food » Mon Feb 05, 2007 7:00 pm

only the part in bold, and on top of that this charming virus disables Safe Mode ha ha ha it makes me want to cry [cry+]

Re: yes I pasted...

Post by Amantide » Mon Feb 05, 2007 7:16 pm

Wine&food wrote: only the part in bold, and on top of that this charming virus disables Safe Mode ha ha ha it makes me want to cry [cry+]

Oh God, it's true!! I had forgotten about it [acc2]

Try downloading Avenger again and renaming it before launching the program. I once had a case of Avenger being corrupted because of Bagle.

To start, try running only this part of the script and then the rest:

Files to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys

ok but

Post by Wine&food » Mon Feb 05, 2007 7:31 pm

I managed to do what you said, but an application bar opened with the text ECL select file to crack; what is it? what do I do?

Re: ok but

Post by Amantide » Mon Feb 05, 2007 7:48 pm

Wine&food wrote: I managed to do what you said, but an application bar opened with the text ECL select file to crack; what is it? what do I do?

What? [boxed]
Are you sure you downloaded Avenger itself? And what does a crack have to do with it? [acc2]

You managed to do what I told you... Could you be more precise? What did you manage to do and what not?

I deleted

Post by Wine&food » Mon Feb 05, 2007 8:12 pm

Files to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
after which the surprise is: after the system restarted, a window opened with "Select file to crack" written at the top left, and on the taskbar at the bottom it says "ECL select file to crack". I'd like to know what it is too; anyway I haven't touched it!

Re: I deleted

Post by Amantide » Mon Feb 05, 2007 8:15 pm

Wine&food wrote: Files to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
after which the surprise is: after the system restarted, a window opened with "Select file to crack" written at the top left, and on the taskbar at the bottom it says "ECL select file to crack". I'd like to know what it is too; anyway I haven't touched it!

For now ignore that message and run the rest of the script; in the meantime I'll look around to see what this ECL...crack might be

Congratulations!!

Post by Wine&food » Tue Feb 06, 2007 7:03 pm

to Amantide, because thanks to your help the worm seems to have packed its bags!
AVG is running again, Spybot too! Now (correct me if I'm wrong) I should create a system restore point, and then, if I'm not being too demanding, I'd like some advice on what software to use to protect the PC. THANKS A MILLION!!! [^]

Re: Congratulations!!

Post by Amantide » Tue Feb 06, 2007 7:14 pm

Wine&food wrote: to Amantide, because thanks to your help the worm seems to have packed its bags!

[;)]
Did you also read the final part of the article on how to restore SafeBoot and re-enable the services that were terminated?

Wine&food wrote: Now (correct me if I'm wrong) I should create a system restore point

Even though most users here think it's useless, I advise you to re-enable System Restore. Once it is re-enabled, restore points will be created automatically.

Wine&food wrote: , and then, if I'm not being too demanding, I'd like some advice on what software to use to protect the PC. THANKS A MILLION!!! [^]

AVG meaning the antivirus? If so, keep that antivirus and also install a firewall, Comodo Firewall or Zone Alarm. Another program to pair with it for real-time protection is Spyware Terminator, and for cross-checking scans every now and then also download A-squared and SuperAntispyware.

I read that..

Post by Wine&food » Tue Feb 06, 2007 7:32 pm

the restore files were completely deleted by the worm! but it doesn't explain how to restore them, so I still need your help! thanks

Post by Amantide » Tue Feb 06, 2007 7:40 pm

First of all, make sure the feature is enabled.
Go to Start -> Control Panel -> System -> System Restore and make sure this box is not checked:
"Turn off System Restore"

Then go to Start -> All Programs -> Accessories -> System Tools -> System Restore, select Create a restore point -> Next, enter a name to identify your custom restore point and click Ok.

Very good

Post by Wine&food » Wed Feb 07, 2007 4:44 pm

everything seems to work as before, thanks again! [^]

Post by Amantide » Wed Feb 07, 2007 4:56 pm

Great [^]

Ah! The "Select file to crack" message was launched by the file hldrrr.exe [;)] ; once the file was deleted, the message disappeared too.


P.S. Please, before opening files under 2 MB downloaded from P2P, run a scan on www.virustotal.com to see what they are.
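An added triage example, not code from this thread or from GMER: a small Python parser for the autostart-scan format GMER prints in the logs posted here (the "<key> >>>" sections and "@<name><command> = <command>" lines), which flags entries launched from a user profile's data directories, like the hidr.exe entry under Dati applicazioni, and entries GMER marks /*file not found*/. The sample lines are constructed and shortened from the logs in this thread; the directory list, the reason labels and the function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, shortened from the GMER "Autostart scan" output posted
# in this thread. GMER opens a section with "<key> >>>", prints one value per
# line as "@<name><command> = <command>" (sub-keys as "<sub>@<name> = ...")
# and appends "/*file not found*/" when the target is absent from disk.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\Famiglia\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Famiglia\Dati applicazioni\hidires\hidr.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RunOnce@FFTI = C:\Documents and Settings\Famiglia\Dati applicazioni\Mozilla\Firefox\Profiles\jahqobyx.default\extensions\ffti.exe /VERYSILENT /*file not found*/
"""

# Profile directories from which legitimate software rarely registers an
# autostart entry on Windows XP (Italian and English folder names); my choice.
PROFILE_DATA_DIRS = (
    "\\dati applicazioni\\", "\\application data\\", "\\appdata\\",
    "\\impostazioni locali\\", "\\local settings\\", "\\temp\\",
)

SECTION_RE = re.compile(r"^(HK[A-Z]+\\.*?) >>>$")
# Either a quoted path, or everything up to the first .exe/.dll/... token.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|sys|com|bat))(?=[\s,]|$)', re.I)


@dataclass
class Entry:
    key: str                 # registry key the value lives under
    name: str                # value name as GMER printed it
    command: str             # command line exactly as GMER printed it
    target: str              # executable or DLL the command actually loads
    reasons: list = field(default_factory=list)


def extract_target(command: str) -> str:
    """Return the file a command line launches (the DLL for RUNDLL32 hosts)."""
    cmd = command.strip()
    m = TARGET_RE.match(cmd)
    if not m:
        return ""
    target = m.group(1) or m.group(2)
    if target.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        m2 = TARGET_RE.match(cmd[m.end():].strip())
        if m2:
            target = m2.group(1) or m2.group(2)
    return target


def parse_autostart(log_text: str) -> list:
    """Parse GMER autostart lines into Entry objects."""
    entries, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1)
            continue
        if " = " not in line:
            continue
        left, _, command = line.partition(" = ")
        entry_key, name = key, left.lstrip("@")
        if left.startswith("HK"):                     # "HKLM\...\Winlogon@Userinit"
            entry_key, _, name = left.rpartition("@")
        elif left.startswith("@") and left.endswith(command):
            name = left[1:len(left) - len(command)]    # peel the duplicated command off
        elif "@" in left:                             # "RunOnce@FFTI" inside a section
            sub, _, name = left.partition("@")
            entry_key = key + "\\" + sub
        entries.append(Entry(entry_key, name, command, extract_target(command)))
    return entries


def triage(log_text: str) -> list:
    """Return only the entries that deserve a second look, with the reasons."""
    findings = []
    for e in parse_autostart(log_text):
        if "file not found" in e.command.lower():
            e.reasons.append("file-not-found")      # stale entry or already-removed file
        if any(d in e.target.lower() for d in PROFILE_DATA_DIRS):
            e.reasons.append("user-profile-exec")   # e.g. the hidr.exe entry in this thread
        if e.reasons and e.key.startswith("HKCU"):
            e.reasons.append("hkcu-key")            # writable by the user, no admin needed
        if e.reasons:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\\{f.name}: {f.target}  [{', '.join(f.reasons)}]")
```

A flagged entry is a lead for a second look (for instance a VirusTotal scan of the file, as Amantide suggests), not a verdict by itself.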

Post by olimpo54 » Thu Feb 08, 2007 8:09 pm

Hi everyone,
and hi amantide.
I'm writing here because I have a problem (at least one of many) similar to the one being discussed here, and which you solved.
Before bothering you (all) I tried to solve my problem using the script you gave the guy, adding just one line because in my folder c:/documents&settings/famiglia/dati applicazioni/hidires there is also a file called flec003.exe, but as I expected it didn't bear fruit.
In fact, after the reboot it deleted only one file, didn't find the registry files and failed to delete the folders etc...
Now I don't know what to do, since this is already the second time I've caught this trojan.bigol(bagle); the first time I formatted, and this time either I learn to live with it (and I don't want to) or I get rid of it.
After the long preamble, here are my results obtained with GMER:

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-08 19:03:46
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
CLCapSvc /*CyberLink Background Capture Service (CBCS)*/@ = "C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"
CLSched /*CyberLink Task Scheduler (CTS)*/@ = "C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.exe
CyberLink Media Library Service /*CyberLink Media Library Service*/@ = "C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"
PDSched /*PDScheduler*/@ = C:\Programmi\Raxco\PerfectDisk\PDSched.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\Famiglia\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Famiglia\Dati applicazioni\hidires\hidr.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RunOnce@FFTI = C:\Documents and Settings\Famiglia\Dati applicazioni\Mozilla\Firefox\Profiles\jahqobyx.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Famiglia\Dati applicazioni\Mozilla\Firefox\Profiles/jahqobyx.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.1\program\shlxthdl.dll"
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Programmi\PowerISO\PWRISOSH.DLL = C:\Programmi\PowerISO\PWRISOSH.DLL
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
@{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} /*jetAudio*/C:\Programmi\JetAudio\JetFlExt.dll = C:\Programmi\JetAudio\JetFlExt.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office12\msohevi.dll = C:\Programmi\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Programmi\File comuni\Autodesk shared\dwf common\DWFShellExtension.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
jetAudio@{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Programmi\JetAudio\JetFlExt.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
jetAudio@{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Programmi\JetAudio\JetFlExt.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.12 ----


GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-08 19:05:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F7E0862C 5 Bytes JMP 82CC11C8

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[2848] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82FD41E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82FD41E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP FF916980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP FF916980
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_CREATE FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_CLOSE FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_INTERNAL_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_CLEANUP FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{601758B0-6F28-4922-A63A-71453258CF70} IRP_MJ_PNP FF93C650
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 82CC01E8
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_CREATE [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_CREATE_NAMED_PIPE [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_CLOSE [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_READ [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_WRITE [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_QUERY_INFORMATION [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SET_INFORMATION [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_QUERY_EA [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SET_EA [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_FLUSH_BUFFERS [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_QUERY_VOLUME_INFORMATION [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SET_VOLUME_INFORMATION [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_DIRECTORY_CONTROL [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_FILE_SYSTEM_CONTROL [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_DEVICE_CONTROL [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_INTERNAL_DEVICE_CONTROL [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SHUTDOWN [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_LOCK_CONTROL [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_CLEANUP [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_CREATE_MAILSLOT [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_QUERY_SECURITY [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SET_SECURITY [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_POWER [F8689DB8] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SYSTEM_CONTROL [F86A4344] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_DEVICE_CHANGE [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_QUERY_QUOTA [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_SET_QUOTA [F86A7F18] sptd.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_PNP [F86A52D0] sptd.sys
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_PNP 82CC01E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 82D4F8F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82F641E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82CC5980
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_CREATE FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_CLOSE FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_INTERNAL_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_CLEANUP FF93C650
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F18E8CA-075D-4D56-9919-37CACFC4DE6B} IRP_MJ_PNP FF93C650
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82CC5980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82CC5980
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 82FD51E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 82FD51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82F641E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE FF93C650
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE FF93C650
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP FF93C650
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP FF93C650
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP FF93C650
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 82CC01E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP FF8F6980
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_CREATE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_CLOSE 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_POWER 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 82CC01E8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_PNP 82CC01E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA FF8F6980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP FF8F6980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 82D4F8F0
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 82D4F8F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82F641E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82F641E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_CREATE 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_POWER 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1Port2Path0Target0Lun0 IRP_MJ_PNP 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1 IRP_MJ_CREATE 82BF91E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1 IRP_MJ_CLOSE
olimpo54
New Member
Posts: 4
Joined: Thu Feb 08, 2007 7:55 pm
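As an added example (not code from this thread, from GMER or from the poster), here is a small Python triage helper for the "Device" section of a GMER log like the one pasted above. It parses each line, separates handlers that GMER attributed to a named module (the `[address] module.sys` form) from bare addresses with no module name, and groups the hooked drivers and IRP majors per module, so a reviewer can see at a glance which third-party drivers sit in the dispatch paths and need to be matched against the software known to be installed. The sample lines are constructed in the format of the log above, including a truncated last line like the one that ends the paste.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER "Device" line format (not the full scan).
# The last line is deliberately truncated, as pasted logs often are.
SAMPLE_LOG = r"""
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82FD51E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A05D60] sfsync02.sys
Device \Driver\PCI_NTPNP1138 \Device\00000051 IRP_MJ_PNP [F86A52D0] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82F641E8
Device \Driver\a7jmf5dh \Device\Scsi\a7jmf5dh1 IRP_MJ_CLOSE
"""

# Either "[HEXADDR] module.sys" (handler resolved to a module) or a bare
# hex address (handler GMER did not attribute to any module image).
LINE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"(?:\[(?P<hook_addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<addr>[0-9A-Fa-f]+))\s*$"
)


def parse_device_hooks(text):
    """Parse GMER 'Device' lines; lines that do not match (blank or
    truncated ones) are skipped rather than guessed at."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "driver": m.group("driver"),
            "device": m.group("device"),
            "irp": m.group("irp"),
            "module": m.group("module"),  # None for bare addresses
            "address": m.group("hook_addr") or m.group("addr"),
        })
    return entries


def summarize_by_module(entries):
    """Map each hooking module ('<unresolved>' for bare addresses) to the
    sorted list of (driver, IRP major) pairs whose dispatch it intercepts.
    A named module here is a lookup task, not a verdict: disc-emulation
    and copy-protection drivers commonly show up in exactly this way."""
    summary = defaultdict(set)
    for e in entries:
        summary[e["module"] or "<unresolved>"].add((e["driver"], e["irp"]))
    return {k: sorted(v) for k, v in summary.items()}


def drivers_hooked_by(entries, module):
    """Sorted list of driver objects whose dispatch points into `module`."""
    return sorted({e["driver"] for e in entries if e["module"] == module})


if __name__ == "__main__":
    for module, pairs in summarize_by_module(parse_device_hooks(SAMPLE_LOG)).items():
        print(module)
        for driver, irp in pairs:
            print(f"    {driver:<28} {irp}")
```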

Post by Amantide » Thu Feb 08, 2007 11:29 pm

Hi and welcome [:)]

The file flec003.exe is new to me, but I have seen around that there are Bagle infection cases that include this file as well.
Since you got reinfected even after formatting, I'd say the cause is some bogus program downloaded from p2p that you went and reinstalled; see if you can identify it. It should be a file under 2 MB. Let me know if you find it.

This is the script for Avenger; some of these files will no longer be there, but to be safe I'm including every possible entry:

Drivers to unload:
m_hook

files to delete:
C:\Documents and Settings\Famiglia\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\Famiglia\Dati applicazioni\hidires\hidr.exe
C:\Documents and Settings\Famiglia\Dati applicazioni\hidires\flec003.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\wintems.exe

folders to delete:
C:\Documents and Settings\Famiglia\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK


When it's done, post me the log with Avenger's result so we can see what was deleted.

Also read the last page of this article, "Cenni finali" (final remarks).

Bye.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo


Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising