scrigz.exe


Nicflames
27-10-2007, 17:16
Hi everyone. By mistake I opened an exe file and it installed a virus. It's called scrigz.exe and it keeps starting up; luckily Spyware Terminator blocks it. How can I remove it for good?
Thanks

Gle89
27-10-2007, 17:29
First, download HIJACKTHIS from my signature (below) and put it in a folder in C: or in C:\Programmi. Open it, choose the first option "do a system scan and save log", wait for it to give you the .txt file (Notepad), copy and paste it here IN FULL and wait for further instructions.

Nicflames
27-10-2007, 20:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.48.07, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\scrigz.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Objects/Pagina.asp?ID=115&T=Sessione%20d´esame
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7681 bytes

Chill-Out
27-10-2007, 21:18
To fix:
C:\WINDOWS\system32\scrigz.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Disable System Restore

Run a full spyware scan with SpywareTerminator

Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe and run it in Safe Mode (F8); in some cases Norman Malware Cleaner may require a reboot to completely remove an infection

Update Acrobat Reader: you're on version 7 and version 8 is already available

Bye

N.B.: I edited the post

Nicflames
28-10-2007, 17:59
Norman scan done. Here's the result

Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/10/16 20:20:41

Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 1
Nvcmacro.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: NICO\JNico


Scan started: 28/10/2007 12:39:53


Scanning running processes and process memory...

Number of processes/threads found: 511
Number of processes/threads scanned: 510
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s


Scanning file system...

Scanning: C:\*.*

C:\WINDOWS\system32\scrigz.exe (Infected with SDBot.gen8)
Deleted file

Scanning: D:\*.*


Do you think everything is OK now?

juninho85
28-10-2007, 18:27
No, it seems it didn't even make a removal attempt :D

lancetta
28-10-2007, 18:37
It would seem so... to be safe, post a new HijackThis log

Nicflames
28-10-2007, 19:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.11.22, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svehost.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.collegiorotondi.it/Objects/Pagina.asp?ID=115&T=Sessione%20d´esame
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7316 bytes

juninho85
28-10-2007, 19:15
svehost.exe
Now there would (also?) be this other one.
Post a GMER log.
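
One way to do by script what juninho85 did by eye, namely diff the two HijackThis logs posted above and flag the lookalike name: an added Python example, not code from this thread or from HijackThis. The two log excerpts are taken from the 27/10 and 28/10 logs above; the list of imitated system binaries, the edit-distance threshold and the flagging heuristics are assumptions, and every hit still needs a human to decide.

```python
import re

# Windows binaries malware likes to imitate (assumed list; extend as needed).
KNOWN = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "smss.exe",
         "csrss.exe", "spoolsv.exe", "explorer.exe", "wuauclt.exe", "ctfmon.exe"}
MAX_EDITS = 2  # assumed: a name within 2 edits of a known binary is a lookalike
ENTRY_RE = re.compile(r"^(?:R\d|F\d|O\d+) - ")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[[^\]]*\] (?P<cmd>.*)$")

# Excerpts of the two logs posted in this thread (27/10 before, 28/10 after Norman).
LOG_DAY1 = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\scrigz.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""
LOG_DAY2 = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svehost.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
"""

def levenshtein(a, b):
    """Plain dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_hjt(text):
    """Split a HijackThis log into its process list and its Rn/Fn/On entries."""
    procs, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
        elif in_procs:
            in_procs = False  # the blank line ends the process list
        elif ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": procs, "entries": entries}

def lookalike_of(filename):
    """Known system binary that this name imitates (svehost -> svchost), or None."""
    name = filename.lower()
    if name in KNOWN:
        return None
    best = min(KNOWN, key=lambda k: levenshtein(name, k))
    return best if levenshtein(name, best) <= MAX_EDITS else None

def flag(line):
    """Reasons a process or entry line deserves a second look (empty = nothing noted)."""
    reasons, prog = [], line  # a running-process line is just a path
    if "(no file)" in line:
        reasons.append("points at a file that no longer exists")
    m = O4_RE.match(line)
    if m:  # autostart entry: pull the program token out of the command line
        cmd = m.group("cmd").strip()
        prog = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if "RunServices" in m.group("key"):
            reasons.append("uses the legacy RunServices key")
        if "\\" not in prog:
            reasons.append(f"bare filename '{prog}' with no path (weak signal alone)")
    base = prog.rsplit("\\", 1)[-1]
    target = lookalike_of(base)
    if target:
        reasons.append(f"'{base}' imitates '{target}'")
    return reasons

def diff_logs(old_text, new_text):
    """Process and entry lines that appeared or vanished between two logs."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    delta = {}
    for kind in ("processes", "entries"):
        delta["added_" + kind] = [x for x in new[kind] if x not in old[kind]]
        delta["removed_" + kind] = [x for x in old[kind] if x not in new[kind]]
    return delta

def triage(old_text, new_text):
    """Flagged lines of the new log as (line, reasons, is_new_since_old_log)."""
    delta = diff_logs(old_text, new_text)
    added = set(delta["added_processes"] + delta["added_entries"])
    new = parse_hjt(new_text)
    flagged = [(ln, flag(ln)) for ln in new["processes"] + new["entries"]]
    return [(ln, why, ln in added) for ln, why in flagged if why]

if __name__ == "__main__":
    for ln, why, is_new in triage(LOG_DAY1, LOG_DAY2):
        print("NEW " if is_new else "    ", ln, why)
```

On the excerpts, the three svehost.exe lines come out marked NEW while the SoundMan bare-filename hit is unchanged from the first log, which is the distinction a helper wants before naming what to fix.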

xcdegasp
28-10-2007, 19:27

Nicflames
28-10-2007, 20:07
Here it is with GMER:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-10-28 20:06:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 107 804E2DD8 12 Bytes [ 70, 72, 39, F4, 20, D5, 39, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? srescan.sys Impossibile trovare il file specificato.
.text USBPORT.SYS!DllUnload F688F62C 5 Bytes JMP 87249970
? System32\Drivers\azjtl0cl.SYS Impossibile trovare il file specificato.
? C:\WINDOWS\System32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8737A1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8737A1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86F42990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86F42990
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_PNP 86F3C700
Device \Driver\00000047 \Device\00000041 IRP_MJ_POWER [F7753DB6] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_SYSTEM_CONTROL [F776973C] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_PNP [F776277E] sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8723A990
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8737D1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8723A990
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8737E1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 871011D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8737E1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 871011D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 8737C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 8737C1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 871011D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 871011D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86F3C700
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86F3C700
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8723A990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 8723A990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 87037990
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F43A8CC0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 87037990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 87037990
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8737E1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8737E1D8
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_CREATE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_CLOSE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_POWER 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1Port2Path0Target0Lun0 IRP_MJ_PNP 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_CREATE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_CLOSE 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_INTERNAL_DEVICE_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_POWER 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_SYSTEM_CONTROL 870A4900
Device \Driver\azjtl0cl \Device\Scsi\azjtl0cl1 IRP_MJ_PNP 870A4900
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 86F42990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 86F42990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8706B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8706B990
---- Processes - GMER 1.0.12 ----

Library C:\Programmi\Adobe\Acrobat (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1156] 0x00A70000

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1229272821-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4178605D-26E3-2572-3080-BCF5A1DFFF39}@ianfldplbbdemgmgkc 0x69 0x61 0x62 0x66 ...
Reg \Registry\USER\S-1-5-21-1229272821-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4178605D-26E3-2572-3080-BCF5A1DFFF39}@hadefnfllaihpgoj 0x69 0x61 0x62 0x66 ...

---- EOF - GMER 1.0.12 ----
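
As an added example (not code from this thread, from GMER or from any of the tools mentioned), the following Python script parses the "Device" records of a GMER log like the one above and separates dispatch entries that stay inside their own driver (bare address) from entries GMER shows redirected into another kernel module ("[address] module.sys"). The sample input is a constructed excerpt of the log above; the allow-list of modules is an assumption the analyst supplies, here vsdatant.sys (ZoneAlarm's TrueVector driver) and sptd.sys (DAEMON Tools' SPTD layer), both legitimate products installed on the poster's machine. Anything redirected into a module that is not on that list is what a defender would investigate.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the GMER "Device" section posted above.
# A bare address is the dispatch routine inside the driver object itself;
# "[address] module" means GMER found the dispatch pointer redirected into
# another kernel module.
SAMPLE_GMER = r"""
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_DEVICE_CONTROL 86F3C700
Device \Driver\NetBT \Device\NetBT_Tcpip_{51D67A88-5014-47E7-96FC-1DC191DE2F8D} IRP_MJ_PNP 86F3C700
Device \Driver\00000047 \Device\00000041 IRP_MJ_POWER [F7753DB6] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_SYSTEM_CONTROL [F776973C] sptd.sys
Device \Driver\00000047 \Device\00000041 IRP_MJ_PNP [F776277E] sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8723A990
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F43A8CC0] vsdatant.sys
---- Processes - GMER 1.0.12 ----
"""

# One GMER "Device" line: keyword, driver object, device object, IRP major
# function, then either "[hookaddr] module" or a bare handler address.
DEVICE_LINE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"(?:\[(?P<hook_addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<addr>[0-9A-Fa-f]+))\s*$"
)


def parse_device_lines(text):
    """Return one dict per 'Device' record; other GMER lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DEVICE_LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other record types
        records.append({
            "driver": m.group("driver"),
            "device": m.group("device"),
            "irp": m.group("irp"),
            "handler": (m.group("hook_addr") or m.group("addr")).upper(),
            "module": m.group("module"),  # None when the entry is not redirected
        })
    return records


def redirected_by_module(records):
    """Count redirected dispatch entries per module that now owns them."""
    return Counter(r["module"] for r in records if r["module"])


def hooked_drivers(records, module):
    """Sorted (driver, device, irp) triples whose dispatch goes through `module`."""
    return sorted((r["driver"], r["device"], r["irp"])
                  for r in records if r["module"] == module)


def triage(records, known_modules):
    """Split redirected entries into expected (module on the analyst's
    allow-list) and unexplained ones; the latter are the rows to investigate."""
    known = {m.lower() for m in known_modules}
    expected, unexplained = [], []
    for r in records:
        if r["module"] is None:
            continue
        (expected if r["module"].lower() in known else unexplained).append(r)
    return expected, unexplained


if __name__ == "__main__":
    recs = parse_device_lines(SAMPLE_GMER)
    # Assumed allow-list for this machine: ZoneAlarm and DAEMON Tools drivers.
    expected, unexplained = triage(recs, {"vsdatant.sys", "sptd.sys"})
    print("redirected entries per module:", dict(redirected_by_module(recs)))
    print("expected:", len(expected), "unexplained:", len(unexplained))
    for r in unexplained:
        print("INVESTIGATE", r["driver"], r["device"], r["irp"], r["module"])
```

Run against the full log, the counts tell you at a glance whether every redirected dispatch entry is explained by software you know is installed; a module you cannot attribute to an installed product (or a redirection with no module name at all) is the entry to look at first, not the long list of bare in-driver addresses.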

Chill-Out
28-10-2007, 22:02
Scan with Norman done.. here is the result

Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/10/16 20:20:41

Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 1
Nvcmacro.def Version: 5.90.00, Date: 2007/10/16 20:20:41, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: NICO\JNico


Scan started: 28/10/2007 12:39:53


Scanning running processes and process memory...

Number of processes/threads found: 511
Number of processes/threads scanned: 510
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s


Scanning file system...

Scanning: C:\*.*

C:\WINDOWS\system32\scrigz.exe (Infected with SDBot.gen8)
Deleted file

Scanning: D:\*.*


Do you think everything is fine now?

16 seconds to scan the partition with the operating system installed on it, impossible.

Nicflames
28-10-2007, 22:38
It says 16 seconds there, but I assure you it took much longer.. I can't explain why..

juninho85
28-10-2007, 22:42
It has already been removed, at least partially.
Have you already tried scanning files and ADS, again with GMER?

Riverside
28-10-2007, 22:52
It says 16 seconds there, but I assure you it took much longer.. I can't explain why..
Disable System Restore
then:
CCLEANER: click here to download (http://download.piriform.com/ccsetup201.exe)
once installed, launch the program, in the left-hand menu go to Options and in the next window click on:
● Settings, and tick Secure deletion (slow)
then on:
● Advanced, untick Only delete files older than 48 hours
● under Cleaner, tick all the items in the Advanced section
● in the left-hand menu, click Cleaner, then click the Run Cleaner button to run the scan
● again in the left-hand menu, click Registry, tick all the items in the section, click the Scan for Issues button and start a scan
● when the scan finishes, click Fix selected issues and continue

ASQUARED FREE: click here to download (http://download5.emsisoft.com/a2FreeSetup.exe)
once installed, download the updates and then run a system scan in Deep Scan mode and remove everything it detects, except for entries referring to software, mIRC, digital cameras and/or scanners that may be installed.

PANDA ANTIROOTKIT: click here to download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
No installation is required (it is a stand-alone tool); once launched, it updates automatically and runs the scan (and of course removes any rootkits it detects)

ELISTARTA TOOL: click here to download (http://www.zonavirus.com/datos/descargas/78/elistara.asp)
to download the tool, scroll to the bottom of the web page that opens and click Descargar ELISTARTA
● for convenience, put it on the Desktop
Run ELISTARTA TOOL:
● to the first question, answer YES
● to the second, answer YES
● to the third, answer NO
● the scan window opens, click Explorar
● when the scan finishes, close the tool and restart the system
● a log named infosat.txt will be produced
● click My Computer, then Local Disk C:
● you will find the log there; attach it to the thread
Note
after relaunching Internet Explorer, you may need to set your home page again

SYSCLEAN TRENDMICRO: click here to download (http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com)
No installation is required (it is a stand-alone tool); once launched, it finds and removes any viruses, worms and malware present in the PC's memory, in the Windows registry, in the system folders and in any other location on the local disk.
● create a dedicated folder on the Desktop and put Sysclean inside it
● download the virus definitions (they are updated daily): click here to download (http://it.trendmicro-europe.com/enterprise/support/pattern.php)
● unpack the zipped file containing the definitions into the folder you created
● leave System Restore disabled
● restart the PC in Safe Mode
● run Sysclean and wait for the final verdict
● post the log that will be produced

When done, post a new Hthis log

Nicflames
29-10-2007, 20:08
Riverside, I did everything and I'm posting all the results, let me know.. thanks!

CCLEANER: done, it deleted a fair amount of stuff.

ASQUARED FREE: done, and even though you didn't ask for it I'm posting the log.

a-squared Free - Version 3.0
Last update: 29/10/2007 0.16.41

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 29/10/2007 14.07.07

D:\System Volume Information\_restore{968A0A0F-ACF5-4FBB-91DA-95863140ACE4}\RP31\A0002398.exe/JackSMS.exe rilevati: Backdoor.Win32.mIRC-based

Scansionati

Files: 155149
Tracce: 339265
Cookies: 4
Processi: 42

Rilevato

Files: 1
Tracce: 0
Cookies: 0
Processi: 0
Chiavi registro: 0

Fine scansione: 29/10/2007 17.36.11
Tempo scansione: 3.29.04


PANDA ANTIROOTKIT: done, it didn't find anything.

ELISTARTA TOOL: done, I'm posting the log.


Mon Oct 29 17:42:54 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminadas las Paginas de Inicio y de Busqueda del IE
Detectado AUTORUN.INF en la Unidad (G)
open=autorun.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "[email protected]". Gracias.

Mon Oct 29 17:43:41 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Spyware Terminator\SPTCONTMENU.DLL --> Acceso Denegado, KeyLogger.FL

Nº Total de Directorios: 3249
Nº Total de Ficheros: 44392
Nº de Ficheros Analizados: 13812
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Mon Oct 29 17:52:49 2007
EliStartPage v14.92 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (G)
open=autorun.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "[email protected]". Gracias.


SYSCLEAN TRENDMICRO: done, I'm posting the log.



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-10-29, 18:46:51, Auto-clean mode specified.
2007-10-29, 18:46:51, Running scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN"...
2007-10-29, 18:50:42, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\TSC.BIN" has finished running.
2007-10-29, 18:50:42, TSC Log:

2007-10-29, 18:51:50, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2007-10-29, 18:52:42, An error was detected on "D:\System Volume Information\*.*": Accesso negato.
2007-10-29, 19:47:13, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

C:\Programmi\ScanSoft\OmniPageSE\opware32.exe [PE_RESOURCER.A]
C:\WINDOWS\CTRegRun.EXE [PE_RESOURCER.A]
C:\WINDOWS\system32\NeroCheck.exe [PE_RESOURCER.A]
44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

Success Clean [ PE_RESOURCER.A]( 8382) from C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\CTRegRun.EXE
Success Clean [ PE_RESOURCER.A]( 8382) from C:\WINDOWS\system32\NeroCheck.exe
44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 18:52:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

44468 files have been read.
44468 files have been checked.
41625 files have been scanned.
148313 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:47:12 54 minutes 28 seconds (3268.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:47:13, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running.
2007-10-29, 19:54:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/29/2007 19:47:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\JNico\Desktop\Nuova cartella

8189 files have been read.
8189 files have been checked.
8161 files have been scanned.
8270 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/29/2007 19:54:51 7 minutes 26 seconds (445.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-29, 19:54:51, Scanner "C:\Documents and Settings\JNico\Desktop\Nuova cartella\VSCANTM.BIN" has finished running.


When done, post a new Hthis log: done, here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.01.02, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svehost.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D67A88-5014-47E7-96FC-1DC191DE2F8D}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7542 bytes

Mar1o
29-10-2007, 20:40
Same here, I've caught this damn virus too :mad:

Riverside
29-10-2007, 21:26
Hi everyone.. by mistake I opened an exe file and it installed a virus ...... it's called scrigz.exe .......

First of all, ALL LOGS AND/OR REPORTS REQUESTED MUST BE:

● if the generated txt is at most 20 KB, attached to the thread using the MANAGE ATTACHMENTS function;
● if larger than 20 KB, hosted on Zshare click here to reach ZShare (http://www.zshare.net/), posting in the thread the link that will be released for the download.

Now, proceed as follows: disable System Restore, relaunch Hthis and fix these entries:

C:\WINDOWS\system32\svehost.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe

O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"

update INTERNET EXPLORER:
click here for the download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)

Download and run these programs:

PREVX CSI: click here for the download (http://info.prevx.com/download.asp?grab=prevxcsi)
● once installed, run a scan
● when the scan finishes, click on:
● Options
● Save Log
● post the saved log so it can be analysed

PANDA ANTIROOTKIT: click here for the download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
No installation is needed (it is a stand-alone tool); once launched, it updates itself automatically and runs the scan (it obviously removes any rootkits it detects)

SYSCLEAN TRENDMICRO: click here for the download (http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com)
No installation is needed (it is a stand-alone tool); once launched, it finds and removes any viruses, worms and malware present in the PC's memory, in the Windows registry, in the system folders and in any other location on the local disk.
● create a dedicated folder on the Desktop and put Sysclean inside it
● download the virus definitions (they are updated daily): click here for the download (http://it.trendmicro-europe.com/enterprise/support/pattern.php)
● unzip the zipped file containing the definitions inside the folder you created
● disable System Restore
● reboot the PC in Safe Mode
● run Sysclean and wait for the final result
● post the log that will be produced

When done, reboot the system and attach a new Hthis log.

Riverside
29-10-2007, 21:32
Same here, I've caught this damn virus too :mad:
Install HIJACKTHIS: click here for the download (http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip)
● create a new dedicated folder in C:/Programmi (call it HThis)
● unzip the Zip file inside the folder you created (an icon will be created)
● launch it, click on Do a system scan and save a logfile and, once the list has been created, click on Save Log
Post the HijackThis log in the thread (read below) so it can be checked

All logs and/or reports you are asked for must be:
● if the generated txt is at most 20 KB, attached to the thread using the MANAGE ATTACHMENTS function;
● if larger than 20 KB, hosted on Zshare click here to reach ZShare (http://www.zshare.net/), posting in the thread the link that will be released for the download.

Once that is done, we will assess how to proceed.

Nicflames
29-10-2007, 21:35
hmm sorry, next time I'll attach it.
Anyway, there's no point in updating Internet Explorer, I use Firefox.. should I update it anyway to be safe?

also, I had already run Panda antirootkit and sysclean before.. do I have to run them again?

Riverside
29-10-2007, 21:44
Anyway, there's no point in updating Internet Explorer, I use Firefox.. should I update it anyway to be safe?
If you never use it, it wouldn't be necessary; but to be safe, I would update it.
also, I had already run Panda antirootkit and sysclean before.. do I have to run them again?
Run them both again: in fact, while you're at it, run Panda Antirootkit in Safe Mode too.

Chill-Out
29-10-2007, 21:45
Please, when you are told to disable System Restore, actually disable it, right Nicflames

Nicflames
29-10-2007, 21:50
ah, then there's another problem.. I can't fix
C:\WINDOWS\system32\svehost.exe
because it only saves it in the log and doesn't make it available in the program.. (together with the whole first list of running processes)
what do I do?

Nicflames
29-10-2007, 21:52
Please, when you are told to disable System Restore, actually disable it, right Nicflames

hmm I assure you I did disable System Restore.. how hard would it have been to tick it? :confused:

Chill-Out
29-10-2007, 21:53
ah, then there's another problem.. I can't fix
C:\WINDOWS\system32\svehost.exe
because it only saves it in the log and doesn't make it available in the program.. (together with the whole first list of running processes)
what do I do?

do it from Safe Mode.

Chill-Out
29-10-2007, 22:00
hmm I assure you I did disable System Restore.. how hard would it have been to tick it? :confused:

D:\System Volume Information\_restore{968A0A0F-ACF5-4FBB-91DA-95863140ACE4}\RP31\A0002398.exe/JackSMS.exe rilevati: Backdoor.Win32.mIRC-based
so how do you explain this

Nicflames
29-10-2007, 22:03
hmm I don't even know what that is :D anyway, really.. I assure you I had disabled it.. maybe it got re-enabled while I was shutting down :confused: no idea.. if I have to redo something that's no problem.. just tell me.. thanks for the help anyway..
now I'll do everything riverside told me.. as soon as I finish I'll attach everything..

Chill-Out
29-10-2007, 22:06
hmm I don't even know what that is :D anyway, really.. I assure you I had disabled it.. maybe it got re-enabled while I was shutting down :confused: no idea.. if I have to redo something that's no problem.. just tell me.. thanks for the help anyway..
now I'll do everything riverside told me.. as soon as I finish I'll attach everything..

ok, complete the procedure.

Riverside
29-10-2007, 22:08
D:\System Volume Information\_restore{968A0A0F-ACF5-4FBB-91DA-95863140ACE4}\RP31\A0002398.exe/JackSMS.exe rilevati: Backdoor.Win32.mIRC-based ..... so how do you explain this
Chill, mate, that's a trojan that ASquared detects in MIrc, the well-known client for chatting on IRC networks.
And to think I have always explicitly specified that Asquared flags it and it must not be removed ;)
Now he'll have to uninstall and reinstall the client in question :D

Riverside
29-10-2007, 22:14
ah, then there's another problem.. I can't fix
C:\WINDOWS\system32\svehost.exe
Good grief, do I have to spell it out for you that svehost.exe is a backdoor (precisely, Backdoor.SdBot.QZ, and other names besides depending on the software house)??
If you want to solve the problem, simply do what you are told, otherwise we'll be here for a week :muro:

Nicflames
29-10-2007, 22:21
Chill, mate, that's a trojan that ASquared detects in MIrc, the well-known client for chatting on IRC networks.
And to think I have always explicitly specified that Asquared flags it and it must not be removed ;)
Now he'll have to uninstall and reinstall the client in question :D

I deleted it on purpose because it's probably just a leftover.. I had downloaded mirc a while ago and then deleted it, so I removed the rest :D

Good grief, do I have to spell it out for you that svehost.exe is a backdoor (precisely, Backdoor.SdBot.QZ, and other names besides depending on the software house)??
If you want to solve the problem, simply do what you are told, otherwise we'll be here for a week :muro:

I still can't find C:\WINDOWS\system32\svehost.exe in hthis, and anyway now it doesn't show up in the log any more either (where it was visible before) after fixing the other 5 entries..
I'll carry on with prevx and company..

juninho85
29-10-2007, 22:41
questo elistarta,visto l'altissimo numero di falsi positivi che genera,penso sia meglio dimenticarselo proprio :D
se è possibile prova a ripristinare tutto quanto ed elimina soltanto il file AUTORUN.INF contenuto nella periferica G:

juninho85
29-10-2007, 22:43
have you already tried scanning files and ADS, again with gmer?

:muro:

Mar1o
29-10-2007, 23:44
the option to disable System Restore isn't there for me (maybe because I use a lightweight modded version of XP, TINY XP, don't know if you know it)
http://img267.imageshack.us/img267/5585/baubauqqrn4.th.jpg (http://img267.imageshack.us/my.php?image=baubauqqrn4.jpg)

Nicflames
30-10-2007, 00:04
PREVX CSI: here's the link http://www.zshare.net/download/4538535206280c/
or (it says it's for forums)
prevxcsi.log - 0.29MB (http://www.zshare.net/download/4538535206280c/)

PANDA ANTIROOTKIT: I couldn't run it in Safe Mode, it doesn't scan the files. I thought it was because it doesn't download the updates, so I first tried launching it in Safe Mode with Networking, and then updating it in normal mode and launching it in Safe Mode without requesting updates, but nothing.. so I ran it in normal mode and it found nothing.

SYSCLEAN TRENDMICRO: here's the link
http://www.zshare.net/download/45386686485ac7/
or
sysclean.log - 0.01MB (http://www.zshare.net/download/45386686485ac7/)

When done, reboot the system and attach a new Hthis log: here's the link
http://www.zshare.net/download/4538688f49bcf8/
or
hijackthis.log - 0.01MB (http://www.zshare.net/download/4538688f49bcf8/)

Riverside
30-10-2007, 00:10
.......
Ok, now you look clean; the logs are clean.
All you have left to do is:
update INTERNET EXPLORER:

click here for the download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)

Mar1o
30-10-2007, 00:15
the option to disable System Restore isn't there for me (maybe because I use a lightweight modded version of XP, TINY XP, don't know if you know it)
http://img267.imageshack.us/img267/5585/baubauqqrn4.th.jpg (http://img267.imageshack.us/my.php?image=baubauqqrn4.jpg)

and what about me?:D

Nicflames
30-10-2007, 00:22
Ok, now you look clean; the logs are clean.
All you have left to do is:
update INTERNET EXPLORER:

click here for the download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)

ok I'll do it right away.. well.. nothing left for me but to thank you..
THANKS A MILLION!!!!!!!!!!!!!!!!!!!!!!!!!! :sofico:
if I have any other problems I'll be back :Prrr:

Chill-Out
30-10-2007, 00:23
Ok, now you look clean; the logs are clean.
All you have left to do is:
update INTERNET EXPLORER:

click here for the download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)

agreed, clean

Riverside
30-10-2007, 00:29
the option to disable System Restore isn't there for me

For now fix only the ones marked in red:

C:\WINDOWS\system32\scrigz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\scrigz.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Download these programs and tools to run a clean-up:

Alternative procedure to clean the ADS:
● relaunch HTHIS
● click on Open the Misc Tool section
● click on Open ADS Spy
● click on Scan
● if any ADS are detected, tick all the boxes and click on Remove Selected

CCLEANER: click here for the download (http://download.piriform.com/ccsetup201.exe)
once installed, launch the program, in the left-hand menu go to Options and in the next window click on:
● Settings, and tick Secure file deletion (slow)
then on:
● Advanced, untick Only delete files older than 48 hours
● under Cleaner, tick all the entries in the Advanced section
● in the left-hand menu, click on Cleaner, then click the Run Cleaner button to run the scan
● still in the left-hand menu, click on Registry, tick all the entries in the section, click the Scan for Issues button and start a scan
● when the scan finishes, click on Fix selected issues and continue

ASQUARED FREE: click here for the download (http://download5.emsisoft.com/a2FreeSetup.exe)
once installed, download the updates and then run a system scan in Deep Scan mode and remove everything that is detected, except for references to software, MIrc, digital cameras and/or scanners you may have installed.

PREVX CSI: click here for the download (http://info.prevx.com/download.asp?grab=prevxcsi)
● once installed, run a scan
● when the scan finishes, click on:
● Options
● Save Log
● post the saved log so it can be analysed

PANDA ANTIROOTKIT: click here for the download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
No installation is needed (it is a stand-alone tool); once launched, it updates itself automatically and runs the scan (it obviously removes any rootkits it detects)
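The helpers in this thread spot the bad O4 entries by eye: a name one letter away from a real system binary (svehost.exe beside svchost.exe), a Run entry that calls itself "Windows Update" or "Microsoft Updates", and an entry in the legacy RunServices key. The script below is an added example, not code from this thread or from HijackThis, that applies those same checks to HijackThis O4 lines; the sample lines are copied from the logs posted above, and the list of well-known system binaries is an assumption.

```python
import re
from dataclasses import dataclass

# ASSUMED list of well-known Windows XP system binaries, used for the
# lookalike check (svehost.exe vs svchost.exe is the case in this thread).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe", "ctfmon.exe",
}

# Automatic Updates on XP runs as the wuauserv service, never as a Run-key
# entry, so a Run entry naming itself "Windows Update" is a red flag.
UPDATE_NAME_RE = re.compile(r"(windows|microsoft)\s*updates?", re.I)

# HijackThis O4 line: hive, key (Run/RunOnce/RunServices), [name], command,
# optional trailing "(User '...')".
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Constructed sample: O4 lines copied from the HijackThis logs posted in this
# thread, plus legitimate entries (avast!, NvCplDaemon, CTFMON) as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\scrigz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    command: str
    reasons: list


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-or-two-letter lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line: str):
    """Split one O4 line into its parts, or return None for non-O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:                                        # first whitespace-delimited token
        exe = cmd.split(" ", 1)[0]
    return {
        "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
        "cmd": cmd, "basename": exe.rsplit("\\", 1)[-1].lower(),
        "qualified": "\\" in exe or ":" in exe,  # bare names are resolved via PATH
    }


def analyze(log_text: str) -> list:
    """Return the O4 entries that trip at least one of the thread's checks."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        base, reasons = entry["basename"], []
        if base not in KNOWN_SYSTEM_BINARIES:
            for known in sorted(KNOWN_SYSTEM_BINARIES):
                if levenshtein(base, known) <= 2:
                    reasons.append(f"lookalike of {known}")
        if UPDATE_NAME_RE.search(entry["name"]):
            reasons.append("claims to be Windows Update")
        if entry["key"] == "RunServices":        # Windows 9x-era key, unused on XP
            reasons.append("legacy RunServices key")
        if not entry["qualified"] and base not in KNOWN_SYSTEM_BINARIES:
            reasons.append("unqualified path")   # informational: SoundMan is benign
        if reasons:
            findings.append(Finding(entry["hive"], entry["key"], entry["name"],
                                    entry["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.hive}\\..\\{f.key} [{f.name}] {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

The "unqualified path" reason is deliberately low severity: SOUNDMAN.EXE is a legitimate Realtek entry that happens to be registered by bare name, which is why the thread's helpers asked for it to be fixed only as a precaution.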

Mar1o
30-10-2007, 00:40
done everything except the A-squared scan, which I'm running now...there are no ADS
here's the PREVX log prevx.log - 0.29MB (http://www.zshare.net/download/4539316d0f632f/)

Riverside
30-10-2007, 01:08
done everything except the A-squared scan, which I'm running now...there are no ADS
When done, reboot and attach the ASquared report and a new Hthis log, please.
If Lancetta doesn't come by tonight to analyse the two logs, someone will do it tomorrow.

Another thing: you don't need to quote every post by the people helping you: post what you are asked for, and if you need to ask something, write without hesitation or worry.

Mar1o
30-10-2007, 01:14
ok...the scan has just finished
now I'm off to bed, tomorrow I'll post a new Hthis log
I'm attaching the other log
goodnight and thanks for the help, see you tomorrow ;)

Mar1o
30-10-2007, 07:54
the infection is still there :mc:

Mar1o
30-10-2007, 18:58
I think I've removed it :fagiano:

Riverside
30-10-2007, 20:18
I think I've removed it

Good, we've sent scrigz.exe into retirement

Now you need to fix these entries:

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Then:

rerun a scan with CCleaner (same procedure as before);

download SYSCLEAN TRENDMICRO: click here for the download (http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com)
No installation is needed (it is a stand-alone tool); once launched, it finds and removes any viruses, worms and malware present in the PC's memory, in the Windows registry, in the system folders and in any other location on the local disk.
● create a dedicated folder on the Desktop and put Sysclean inside it
● download the virus definitions (they are updated daily): click here for the download (http://it.trendmicro-europe.com/enterprise/support/pattern.php)
● unzip the zipped file containing the definitions inside the folder you created
● disable System Restore
● reboot the PC in Safe Mode
● run Sysclean and wait for the final result
● post the log that will be produced

After the reboot
BITDEFENDER ONLINE SCANNER
● run an online scan from: click here for the online scan (http://www.bitdefender.com/scan8/ie.html)
● once the page opens, click I AGREE: it will have you download an ActiveX control, then follow the guided procedure.
● let us know if and what is detected and removed (post the report that will be produced).

And post a final Hthis log.