Blank IE pages open every now and then

Posted: Mon Dec 11, 2006 12:45 pm
by raphael99
I'm also posting my son's log. Thanks to anyone who has the patience to teach me.
Is there a whole string of rootkits? Anyway, here it is
-----------------------------------------------------------------------------------

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-11 11:45:39
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[1756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981C1D C:\PROGRA~1\DVDIDL~1\DVDShell.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 89C0CB78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 89C0CB78
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 898FA6A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 898FA6A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 89BBF420
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 89BBF420
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1628008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1628008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1628008
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 89BBF6D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 899D4450
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 895FD0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 895FD0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 899D4450
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 899D4450
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E150C480
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E150C480
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E150C480
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 899AF7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 899AF7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 899AF7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 899AF7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 899AF7E0
Device \Driver\00000080 \Device\0000004d IRP_MJ_POWER [F7512EA8] sptd.sys
Device \Driver\00000080 \Device\0000004d IRP_MJ_SYSTEM_CONTROL [F7526A70] sptd.sys
Device \Driver\00000080 \Device\0000004d IRP_MJ_PNP [F751F728] sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 89C0CE30
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 89C0CE30
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 895F4338
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 895F4338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 899A3460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 899A3460
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 89BBF6D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 89BBF6D8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 898B3EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 898B3EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_CREATE 899AF7E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_CLOSE 899AF7E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_INTERNAL_DEVICE_CONTROL 899AF7E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_CLEANUP 899AF7E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2FE6CF8-2DC2-4C58-B39A-147770A657F5} IRP_MJ_PNP 899AF7E0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76388B4] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76388B4] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 8972DBF8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 8972DBF8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 898FA6A0
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 898FA6A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 89A03870
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 89A03870

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE

---- EOF - GMER 1.0.12 ----


I look forward to any suggestions. Thanks and bye

Posted: Mon Dec 11, 2006 12:47 pm
by Mr.TFM
You decide which post to keep. Two on the same subject are too many.

Post a confirmation message in this topic or the other one to indicate which one you want to keep. We will close the other one.


Thanks for your cooperation.

Posted: Mon Dec 11, 2006 1:19 pm
by crazy.cat
Mr.TFM wrote: You decide which post to keep. Two on the same subject are too many.

Post a confirmation message in this topic or the other one to indicate which one you want to keep. We will close the other one.


Thanks for your cooperation.


They are two different PCs, so two posts are fine.

Posted: Mon Dec 11, 2006 2:09 pm
by raphael99
Indeed, they are two different PCs. But the one that worries me most is the one connected to P2P, that is, the Win 2K one.

Posted: Mon Dec 11, 2006 2:11 pm
by raphael99
Anyway, if anyone has time to take a look at the XP one too, well, thanks. In any case, isn't there software dedicated to this threat? If so, which would you recommend?

Posted: Mon Dec 11, 2006 2:13 pm
by crazy.cat
raphael99 wrote: Anyway, if anyone has time to take a look at the XP one too, well, thanks. In any case, isn't there software dedicated to this threat? If so, which would you recommend?


What problems do you actually have?
Because you can't always work everything out from the logs, and not everything you see is dangerous.
Describe them both here and in the other thread.

Posted: Mon Dec 11, 2006 3:55 pm
by raphael99
As the title says, I posted a message this morning about my son's PC, which suffers from (I had forgotten to mention it) countless blank Internet Explorer 6.0 pages opening at random when he opens Internet Explorer. It doesn't always happen, but it does happen.

Posted: Mon Dec 11, 2006 8:38 pm
by crazy.cat
The HijackThis log is much more useful than the GMER logs, which are rather incomprehensible and don't seem to show any dangerous entries.

Run a scan with A2 squared on both PCs and, if you still have problems afterwards, post the HijackThis log.

Posted: Tue Dec 12, 2006 7:13 am
by raphael99
Thanks Crazy, I'll do both computers this morning. I'll let you know during the morning, provided you're around. Anyway, thanks.

Posted: Tue Dec 12, 2006 7:34 am
by raphael99
My Win2K has the following log at
http://analyze.hijackfree.com/analyze/? ... 00f4749ea2

There are loads of open ports in eMule even though I have a Netgear DG834 router with a built-in firewall.
But there are also a great many suspicious and not-recommended entries. I wouldn't know which ones, nor how to delete them. Can you help me?

Posted: Tue Dec 12, 2006 8:57 am
by raphael99
I'm also posting here the log for my son's computer (XP Service Pack 2).
I may be making a mess for you, but if you want us to use two posts, tell me.
Thanks anyway

http://analyze.hijackfree.com/analyze/? ... 635e1fc366

Posted: Tue Dec 12, 2006 12:46 pm
by Amantide
Sorry, but doesn't HijackThis work on your computers?

Posted: Tue Dec 12, 2006 9:56 pm
by raphael99
Yes, I'm posting it here for the Win 2K, the one that's always on with eMule:

---------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 21.03.46, on 12/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PDesk.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\SuperRam\SuperRam.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Raffaele\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [FinePrint Dispatcher v5] C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... nt/wuweb_site.cab?1132404236136
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe



What do you think?

Posted: Wed Dec 13, 2006 11:04 am
by raphael99
I may have solved the problems: on my 2K I found a HEUR/CRYPTED virus, which AntiVir quarantined.
On my son's XP, where AntiVir is still running, I found two HEUR/EXPLOIT.HTML viruses.

Could it all be their fault?
Bye