View Full Version : [risolto][WinXP] dialer-1060
Mozzonic
29-10-2007, 15:27
:cry: non riesco a rimuovere il virus segnalatomi da avast: win32:Dialer-1060 [Trj]. Come posso fare? C'è qualche buona anima che mi aiuta?
Ecco il post di Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.25.56, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\63333ad491217f94e6aa7ae6a3835252\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57B49C9B-5257-49EC-AE27-61BBD5258BCC}: NameServer = 193.70.192.25,212.216.112.112
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
--
End of file - 7903 bytes
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
dovrebbe essere questa da fixare,aspetta cmq qualcun'altro per confermare
Chill-Out
29-10-2007, 15:36
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
dovrebbe essere questa da fixare,aspetta cmq qualcun'altro per confermare
confermo ;)
confermo ;)
puntuale come sempre chill-out;)
Chill-Out
29-10-2007, 15:46
puntuale come sempre chill-out;)
faccio quel che posso ;)
Chill-Out
29-10-2007, 15:51
Inoltre:
Disattiva il Ripristino configurazione di sistema ovvero procedi in questa maniera:
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di Sistema
spunta la voce Disattiva ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi Ok
Deve rimanere disattivato fino a quando abbiamo appurato che non hai più problemi
Scarica CCleaner per la pulizia dei file temporanei da qui: http://www.filehippo.com/download/836aab53c0dfd8723b25ba68ecc6b540/download/
installalo senza la toolbar di Yahoo, lancialo, clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore" e avvia la pulizia.
Scarica a-squared free da qui: http://www.emsisoft.it/it/software/download/installalo, lancialo, aggiornalo e fagli fare una "Deep scan"
Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.php?id=5785&file=1&evp=ba534a281306e4410a015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati
Scarica SysClean da qui: http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com per praticità salvalo sul DeskTop in un cartella che chiamerai SysClean
Scarica le definizioni dei virus da qui: http://it.trendmicro-europe.com/enterprise/support/pattern.php scompatta all'interno della cartella creata il file compresso contenente le definizioni
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post
Al termine riposta un log di HJT
Ciao
Mozzonic
29-10-2007, 16:18
Inoltre:
Disattiva il Ripristino configurazione di sistema ovvero procedi in questa maniera:
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di Sistema
spunta la voce Disattiva ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi Ok
Deve rimanere disattivato fino a quando abbiamo appurato che non hai più problemi
Scarica CCleaner per la pulizia dei file temporanei da qui: http://www.filehippo.com/download/836aab53c0dfd8723b25ba68ecc6b540/download/
installalo senza la toolbar di Yahoo, lancialo, clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore" e avvia la pulizia.
Scarica a-squared free da qui: http://www.emsisoft.it/it/software/download/installalo, lancialo, aggiornalo e fagli fare una "Deep scan"
Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.php?id=5785&file=1&evp=ba534a281306e4410a015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati
Scarica SysClean da qui: http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com per praticità salvalo sul DeskTop in un cartella che chiamerai SysClean
Scarica le definizioni dei virus da qui: http://it.trendmicro-europe.com/enterprise/support/pattern.php scompatta all'interno della cartella creata il file compresso contenente le definizioni
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post
Al termine riposta un log di HJT
Ciao
Ok, ma mi ci vuole un po' di tempo perché la mia zona non è coperta dalla banda larga.
Non ti preoccupare, non c'è nessuna furia. Ti aspettiamo qui :D
juninho85
29-10-2007, 17:33
oltre al svchost dovresti avere almeno una dll,più un altro .exe
posta un log di gmer
Riverside
29-10-2007, 17:46
oltre al svchost dovresti avere almeno una dll,più un altro .exe posta un log di gmer
Non solo: sempre lasciando il Ripristino configurazione di sistema disattivato (e lascialo cosi fino a quando non sarà risolto il problema) e, per ora, senza fixare nulla con Hthis, oltre a quello che ti è già stato suggerito in precedenza, procedi in questo modo:
pulire gli ADS:
● rilancia HTHIS
● clicca sulla voce Open the Misc Tool section
● clicca su Open ADS Spy
● clicca su Scan
● se venissero rilevati ADS spunta tutte le caselline e clicca su Remove Selected
PANDA ANTIROOTKIT: clicca qui per il download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)
ELISTARTA TOOL: clicca qui per il download (http://www.zonavirus.com/datos/descargas/78/elistara.asp)
per scaricare il tool scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA
● per comodità, posizionalo su Desktop
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt
● clicca su Risorse del Computer, poi su Disco Locale C:
●trovi il log e lo alleghi alla discussione
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita
BITDEFENDER ONLINE SCANNER
● esegui una scansione online da: clicca qui per lo scan online (http://www.bitdefender.com/scan8/ie.html)
● una volta aperta la pagina, clicca I AGREE: ti farà scaricare un activex, tu segui la procedura guidata.
● fai sapere se e cosa viene rilevato e rimosso (pubblica il Report che verrà rilasciato).
aggiorna INTERNET EXPLORER:
clicca qui per il download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)
da aggiornare JAVASUN (hai una versione vecchia di circa di 2 anni):
● Start
● Panello di Controllo (se non viene visualizzato in modalità classica, in alto a sinistra clicca sulla voce passa alla visualizzazione classica)
● clicca sulla icona Java per accedere al suo Pannello di controllo
● clicca sulla scheda Aggiornamento e poi sul pulsante Aggiorna adesso
Al termine, posta un nuovo log di Hthis.
Mozzonic
29-10-2007, 20:21
[QUOTE=Chill-Out;19373420]Inoltre:
Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.php?id=5785&file=1&evp=ba534a281306e4410a015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati
Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE
Non riesco però a rimuoverlo perché il cleanup è a pagamento; solo la scansione è free.
Chill-Out
29-10-2007, 21:52
[QUOTE=Chill-Out;19373420]Inoltre:
Scarica Prevx CSI da qui: http://majorgeeks.com/downloadget.php?id=5785&file=1&evp=ba534a281306e4410a015c2f61531e45
fagli scansionare il sistema rimuovi eventuali malware trovati
Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE
Non riesco però a rimuoverlo perché il cleanup è a pagamento; solo la scansione è free.
si, eventumlmente possiamo scaricare la trial di prevx, vorrei vedere prima il log di sysclean ed un altro log di HJT, grazie.
juninho85
29-10-2007, 22:55
oltre al svchost dovresti avere almeno una dll,più un altro .exe
posta un log di gmer
Prevx ha trovato il seguente file infetto:
C:\WINDOWS|SYSS_.EXE
CVD
se magari mi postassi questo benedetto log...
Mozzonic
30-10-2007, 18:16
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post
Al termine riposta un log di HJT
Ecco il log di Sysclean:
2007-10-30, 16:59:55, Auto-clean mode specified.
2007-10-30, 16:59:55, Running scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\TSC.BIN"...
2007-10-30, 17:02:45, Scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\TSC.BIN" has finished running.
2007-10-30, 17:02:45, TSC Log:
2007-10-30, 17:03:11, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2007-10-30, 18:02:41, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean
43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean
Success Clean [ JAVA_BYTEVER.AY]( 1) from C:\Documents and Settings\PAOLO\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-24badb9f-225c3b73.zip,(Baaaaa.class)
43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40 58 minutes 57 seconds (3537.52 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/30/2007 17:03:35
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 801 (248652 Patterns) (2007/10/28) (480100)
Command Line: C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\PAOLO\Desktop\sysclean
43817 files have been read.
43817 files have been checked.
36010 files have been scanned.
73677 files have been scanned. (including files in archived)
1 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/30/2007 18:02:40 58 minutes 57 seconds (3537.52 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-30, 18:02:41, Scanner "C:\Documents and Settings\PAOLO\Desktop\sysclean\VSCANTM.BIN" has finished running.
Inoltre il log di HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.14.08, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57B49C9B-5257-49EC-AE27-61BBD5258BCC}: NameServer = 193.70.192.25,212.216.112.112
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
--
End of file - 7754 bytes
Grazie e fammi sapere. Ciao
Mozzonic
30-10-2007, 19:14
CVD
se magari mi postassi questo benedetto log...
Eccolo:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-30 19:12:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT a347bus.sys ZwCreatePagingFile
SSDT pxfsf.sys ZwCreatePort
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT a347bus.sys ZwSetSystemPowerState
SSDT pxfsf.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
.text ntoskrnl.exe!_abnormal_termination + D7 804E2DA8 24 Bytes [ 79, 08, 51, F8, 83, 08, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 32 Bytes [ B5, 08, 51, F8, BF, 08, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 24 Bytes [ FB, 08, 51, F8, 05, 09, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [ A5, 09, 51, F8, AF, 09, 51, ... ]
.text ntoskrnl.exe!_abnormal_termination + 31F 804E2FF0 1 Byte [ 6D ]
.text ...
.text tcpip.sys!IPTransmit + 10B7 F8135CFA 6 Bytes CALL F842AE50 Teefer.sys
.text tcpip.sys!IPTransmit + 24D9 F813711C 6 Bytes CALL F842AE50 Teefer.sys
.text tcpip.sys!IPTransmit + 4662 F81392A5 6 Bytes CALL F842AE50 Teefer.sys
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[704] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programmi\Spyware Doctor\SDTrayApp.exe[1932] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ 6B, 90, C3, 83 ]
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F842B8E0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F842BB10] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F842BC70] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F842BBD0] Teefer.sys
---- Devices - GMER 1.0.13 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82E896B0
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F8569454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F851BF56] pxfsf.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 828B0030
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82D0DC08
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82C53FB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82D0DC08
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 82D1F258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 82D1F258
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82D0DC08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82D0DC08
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 828AE490
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F89482A0] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8948428] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F8947E56] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8867220] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8867480] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F88675A0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88675D0] wpsdrvnt.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F88468E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F88468E6] aswTdi.SYS
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82C72740
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82C72740
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82CD2E40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82C7A800
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_READ 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 82F59008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 82F59008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 828B0030
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F8569454] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F85691DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F855CF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F851BF56] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F851BF56] pxfsf.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 82D1FD38
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82ACA2E8
---- Modules - GMER 1.0.13 ----
Module _________ F8591000-F85A9000 (98304 bytes)
---- EOF - GMER 1.0.13 ----
Mozzonic
30-10-2007, 19:56
[QUOTE=Riverside;19375815]Non solo: sempre lasciando il Ripristino configurazione di sistema disattivato (e lascialo cosi fino a quando non sarà risolto il problema) e, per ora, senza fixare nulla con Hthis, oltre a quello che ti è già stato suggerito in precedenza, procedi in questo modo:
pulire gli ADS:
● rilancia HTHIS
● clicca sulla voce Open the Misc Tool section
● clicca su Open ADS Spy
● clicca su Scan
● se venissero rilevati ADS spunta tutte le caselline e clicca su Remove Selected
PANDA ANTIROOTKIT: clicca qui per il download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)
ELISTARTA TOOL: clicca qui per il download (http://www.zonavirus.com/datos/descargas/78/elistara.asp)
per scaricare il tool scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA
● per comodità, posizionalo su Desktop
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt
● clicca su Risorse del Computer, poi su Disco Locale C:
●trovi il log e lo alleghi alla discussione
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita
Fatto fino a qui. Ecco il log di elistarta:
Tue Oct 30 19:44:50 2007
EliStartPage v14.94 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
No detectado Parche MS06-070 de Microsoft instalado. (SServidor)
ALERTA. WindowsUpdate Incompleto.
Eliminados Ficheros Temporales del IE
Tue Oct 30 19:45:03 2007
EliStartPage v14.94 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\PAOLO\Desktop\backup\EDILCLIMA PROGRAMMI\Centrali\ISPDATA.DLL --> Eliminado, AdWare.Agent.BN
C:\EDILCL~1\Centrali\ISPDATA.DLL --> Eliminado, AdWare.Agent.BN
Nº Total de Directorios: 3625
Nº Total de Ficheros: 42977
Nº de Ficheros Analizados: 11993
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2
juninho85
30-10-2007, 20:43
...e fin qui tutto ok.
ora scansiona,sempre con gmer,SOLO spuntanto "files" e "registry"
Riverside
30-10-2007, 20:47
Non si capisce più nulla :mad:
Inoltre il log di HJT
E’ rimasto questo problema da risolvere, per ora (non lo toccare, per nessuna ragione):
O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
da questo momento, tutti i log e/o report che ti verranno richiesti devono:
● se il relativo txt generato è max 20 kb, deve essere allegato alla discussione, utilizzando l'apposita funzione Gestisci Allegati;
● se superiore a 20 kb, hostati su Zshare clicca qui per raggiungere ZShare (http://www.zshare.net/), pubblicando, nella discussione, il link che verrà rilasciato per il download.
Ora prosegui in questa maniera:
COMBO FIX: clicca qui per il download (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
● completata la prima fase della scansione il sistema verrà riavviato automaticamente
● dopo il rivvio verrà creato un Report in Risorse del Computer - Disco Locale C:
● il Report, lo alleghi alla discussione.
poi, come ti ha chiesto Juninho (anche se lo hai già fatto):
posta un log di gmer
ripeti uno scan con Gmer, ed alleghi il log che verrà rilasciato.
Utima cosa: quanto posti, non hai bisogno di quotare i nostri interventi: ti devi semplicemente limitare a postare quello che ti viene richiesto e se hai qualche dubbio, chiedere chiarimenti.
Chill-Out
30-10-2007, 21:39
Non si capisce più nulla
come ti capisco, ieri sera stavo uscendo pazzo :D
xcdegasp
30-10-2007, 23:55
Per chi non lo sapesse e non si fosse interessato:
http://www.hwupgrade.it/forum/showthread.php?t=1589984
provvedere immediatamente a mettersi in regola!!
Mozzonic
02-11-2007, 12:40
Il log di COMBOFIX è in allegato
Mozzonic
02-11-2007, 12:48
Ecco il messaggio di GMER:
"GMER hasn't found any system modification"
Riverside
02-11-2007, 16:22
eccomi, scusate ........ ho fatto girare tutti i programmi, e vi allego i log ......... quello di highjackthis l'ho passato sul sito e ancora c'è vmsnap1.
Allora o tu fai ciò che ti viene detto o non se ne viene a capo.
Nel mio precedente post ti avevo suggerito di:
pulire gli ADS:
● rilancia HTHIS
● clicca sulla voce Open the Misc Tool section
● clicca su Open ADS Spy
● clicca su Scan
● se venissero rilevati ADS spunta tutte le caselline e clicca su Remove Selected
di scaricare ed eseguire una scansione con:
PANDA ANTIROOTKIT: clicca qui per il download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva)
Di eseguire una scansione (cosa che non hai fatto) da BITDEFENDER ONLINE SCANNER
● esegui una scansione online da: clicca qui per lo scan online (http://www.bitdefender.com/scan8/ie.html)
● una volta aperta la pagina, clicca I AGREE: ti farà scaricare un activex, tu segui la procedura guidata.
● fai sapere se e cosa viene rilevato e rimosso (pubblica il Report che verrà rilasciato).
di aggiornare INTERNET EXPLORER (cosa che non hai fatto):
clicca qui per il download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)
di aggiornare JAVASUN (cosa che non hai fatto):
● Start
● Panello di Controllo (se non viene visualizzato in modalità classica, in alto a sinistra clicca sulla voce passa alla visualizzazione classica)
● clicca sulla icona Java per accedere al suo Pannello di controllo
● clicca sulla scheda Aggiornamento e poi sul pulsante Aggiorna adesso
Ora, sempre che tu ne abbia voglia, perché non sei obbligato, fai quello che ti è stato suggerito, ed termine, allega un nuovo log di Hthis.
juninho85
03-11-2007, 00:19
lancia avenger (http://www.megalab.it/articoli.php?id=946) con questo script:
Files to delete:
C:\WINDOWS\servc32.dll
C:\sysfqcx.exe
C:\WINDOWS\syss_.exe
C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
...e mi auguro che possa bastare :D
Mozzonic
05-11-2007, 16:14
Dunque, ricominciamo da BitDefender. Il log della scansione è in allegato.
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
dovrebbe essere questa da fixare,aspetta cmq qualcun'altro per confermare
Ciao a tutti!
Anche io ho lo stesso problema (o almeno credo, cosi mi è stato detto dai moderatori)... solo che in HijackThis non riesco proprio a trovarla la voce
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
cosa posso fare?
Chill-Out
05-11-2007, 16:59
Dunque, ricominciamo da BitDefender. Il log della scansione è in allegato.
ma quando vi si dice di disabilare il ripristino configurazione sistema, bisogna disabilitarlo, vedi post #6
xcdegasp
05-11-2007, 17:31
Ciao a tutti!
Anche io ho lo stesso problema (o almeno credo, cosi mi è stato detto dai moderatori)... solo che in HijackThis non riesco proprio a trovarla la voce
O23 - Service: WinDl01Service - Unknown owner - C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
cosa posso fare?
non postare in mille posti, altrimenti arrechi confusione e ti complichi solo la vita ;)
Mozzonic
06-11-2007, 10:05
Ho ridisabilitato il ripristino configurazione del sistema. Poiché avevo già fatto la stessa operazione l'altra volta senza più toccare l'impostazione, come mai è stata abilitata nuovamente? Come posso accorgermi se qualcuno o qualcosa lo riabilita?
Chill-Out
06-11-2007, 11:39
Ho ridisabilitato il ripristino configurazione del sistema. Poiché avevo già fatto la stessa operazione l'altra volta senza più toccare l'impostazione, come mai è stata abilitata nuovamente?
con precisione non lo posso sapere, ma secondo mè l'hai riabilitato tu
Come posso accorgermi se qualcuno o qualcosa lo riabilita?
Hips
ancora problemi?
Mozzonic
06-11-2007, 12:33
Ho aggiornato internet explorer 7
Javasun è in corso di aggiornamento
Mozzonic
09-11-2007, 14:37
fatto anche con javasun.
Il log dell'ultima scansione di HJT è in allegato.
juninho85
09-11-2007, 16:34
java aggiornalo manualmente scaricando l'eseguibile
Mozzonic
13-11-2007, 10:28
Fatto sia con Java che con Avenger (script in allegato).
Serve qualche altra procedura?
juninho85
13-11-2007, 21:47
per me è risolto...prova a fare una scansione col tuo antivirus e vedi se rileva qualcosa
Mozzonic
17-11-2007, 12:32
Ok tutto a posto.
Ringrazio tutti coloro che mi hanno aiutato e in particolare Juninho
Ciao a tutti
juninho85
17-11-2007, 13:27
perfetto...degasp direi che ci possiamo mettere una "croce" sopra :D
xcdegasp
17-11-2007, 16:37
fate un riassunto così sarà utilissimo anche epr i prossimi utenti :)
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.