Bagle.fz - Bagle.fm please help me


Post by JBG » Wed Dec 26, 2007 10:17 am

Good morning everyone,

I'm turning to you because I can't solve the problems caused by the Bagle.fz and Bagle.fm viruses, which have blocked my antivirus, my antispyware, Windows updates and rebooting into Safe Mode.
First I used the dedicated tools from Symantec and McAfee, which turned out to be unsatisfactory. Then I used Avenger with the Bagle virus script that appeared on 14/08/2007. After using the latter I was able to reinstall the antivirus and the antispyware and re-enable Windows updates, but I still have the following two problems:

- the antivirus process mcshield.exe is using 90% of the CPU, making the PC unusable
- I still can't get into Safe Mode

I hope someone can help me, otherwise I'll have to opt for reformatting.

I attach the various logs that may be useful:
- the Kaspersky online scan
- HijackThis
- GMER
- Avenger

Sunday, December 02, 2007 7:47:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/12/2007
Kaspersky Anti-Virus database records: 470293


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
N:\
O:\
V:\
W:\
X:\
Y:\
Z:\

Scan Statistics
Total number of scanned objects 232006
Number of viruses found 6
Number of infected objects 73
Number of suspicious objects 0
Duration of the scan process 03:45:32

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\adobe_00080000_tsf.data Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Adobe\Bridge CS3\BridgeLog.txt Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Adobe\Bridge CS3\Cache\data\Victor.err Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\call256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\call512.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat1024.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat512.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\index2.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\profile16384.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\sms256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer1024.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer512.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user1024.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user16384.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user4096.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped

C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\webmediaplayer_setup.exe Infected: Trojan-Dropper.Win32.Agent.cjm skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Adobe\Updater5\aumLib.log Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\alm.log Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\amt.log Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\hsperfdata_ClaudiaCubi\2900 Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\Perflib_Perfdata_16c0.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\~DFA60B.tmp Object is locked skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab/website.dll Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab CAB: infected - 1 skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\HENEC7UH\inde[1].htm Infected: Trojan-Downloader.JS.Psyme.jf skipped

C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Claudia Cubi\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Claudia Cubi\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\File comuni\Adobe\Adobe PCD\cache\cache.db Object is locked skipped

C:\Programmi\File comuni\Adobe\Adobe PCD\pcd.db Object is locked skipped

C:\Programmi\File comuni\Adobe\caps\caps.db Object is locked skipped

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe Object is locked skipped

C:\Programmi\iPass\iPassConnect Tin.it\log\Agent.log Object is locked skipped

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP23\A0003420.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP23\A0003422.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP24\A0003458.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP24\A0003463.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003593.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003595.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003599.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003605.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003610.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP27\A0003618.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP27\A0003619.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP29\A0003765.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP29\A0003766.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003776.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003777.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003787.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003788.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003792.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP31\A0003865.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP31\A0003869.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003920.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003924.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003931.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003934.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004017.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004021.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004024.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004029.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004030.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004035.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004075.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004077.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004082.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004153.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004158.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004164.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004168.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004235.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004236.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004244.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004245.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004250.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004326.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004327.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004328.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004329.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004330.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004331.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004332.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004333.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004334.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004335.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004345.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004399.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004405.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004412.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP39\A0004471.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP40\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\CSC\00000002 Object is locked skipped

C:\WINDOWS\CSC\00000003 Object is locked skipped

C:\WINDOWS\CSC\d1\00002978 Object is locked skipped

C:\WINDOWS\CSC\d2\00000011 Object is locked skipped

C:\WINDOWS\CSC\d3\00000012 Object is locked skipped

C:\WINDOWS\CSC\d3\000005CA Object is locked skipped

C:\WINDOWS\CSC\d3\00001A22 Object is locked skipped

C:\WINDOWS\CSC\d4\00000073 Object is locked skipped

C:\WINDOWS\CSC\d5\0000001C Object is locked skipped

C:\WINDOWS\CSC\d6\00003D15 Object is locked skipped

C:\WINDOWS\CSC\d7\00000D7E Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\exefld\32243203.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\WINDOWS\exefld\55229175.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\WINDOWS\exefld\69656991.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\WINDOWS\exefld\73270707.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_930.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 8.49.28, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Widcomm\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\iPass\iPassConnect Tin.it\iPCAgent.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\PerSono\perstray.exe
C:\Programmi\USB Sharing\usbshare.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: USB Sharing.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9086843680
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9119768256
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smallbusiness.local
O17 - HKLM\Software\..\Telephony: DomainName = smallbusiness.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smallbusiness.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPassConnectEngine - iPass - C:\Programmi\iPass\iPassConnect Tin.it\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Programmi\iPass\iPassConnect Tin.it\iPCAgent.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (file missing)



GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-26 09:42:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8675F1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [AA0E7500] naiavf5x.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7B41B7E] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7B41D8C] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7B4299A] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7B41AF6] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7B432C8] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B43086] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7B41AB2] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7B43CD4] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7B43790] mouclass.sys

---- Modules - GMER 1.0.13 ----

Module _________ F765E000-F7676000 (98304 bytes)

---- EOF - GMER 1.0.13 ----


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fuypppky

*******************

Script file located at: \??\C:\WINDOWS\system32\qcycjfep.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Last edited by JBG on Wed Dec 26, 2007 10:27 am, edited 2 times in total.
JBG | New member | Posts: 3 | Joined: Wed Dec 26, 2007 9:15 am
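The GMER section of the post above prints one line per IRP major function, so a single filter driver such as SymSnap.sys or naiavf5x.sys accounts for two dozen lines, and the three "Device \FileSystem\Ntfs" entries carry a bare address (8675F1E8) with no driver name after it, which GMER prints when it cannot attribute the dispatch pointer to a module it lists. The usual way to read such a log is to collapse it to one row per driver and then check each driver against what is actually installed (the O23 list above names Norton Ghost and McAfee VirusScan, which is where SymSnap.sys and naiavf5x.sys come from). The script below is an added example, not part of the original post and not GMER's code: it parses the SSDT, Device, AttachedDevice and Module lines, produces that per-driver summary, and reports any address that falls outside every module range GMER listed. The log text is a constructed excerpt of the lines quoted above; the vendor annotations in KNOWN_DRIVERS are my own assumption for illustration and must be confirmed against the signed file on disk.

```python
import re
from collections import defaultdict

# Excerpt of the GMER 1.0.13 rootkit log quoted above (constructed subset, same line format).
GMER_LOG = r"""
---- System - GMER 1.0.13 ----

SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8675F1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [AA0E7500] naiavf5x.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7B4299A] mouclass.sys

---- Modules - GMER 1.0.13 ----

Module _________ F765E000-F7676000 (98304 bytes)
"""

# Assumed vendor annotations (my own, not from GMER): confirm each against the signed file on disk.
KNOWN_DRIVERS = {
    "symsnap.sys": "Norton Ghost snapshot filter (matches the O23 Norton Ghost service)",
    "naiavf5x.sys": "McAfee VirusScan on-access filter (matches the O23 McShield service)",
    "syntp.sys": "Synaptics touchpad",
    "mouclass.sys": "Windows mouse class driver",
    "a347bus.sys": "Alcohol 120% / DAEMON Tools virtual SCSI bus",
}

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+([0-9A-F]{8})$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+\[([0-9A-F]{8})\]\s+(\S+)$")
MODULE_RE = re.compile(r"^Module\s+(\S+)\s+([0-9A-F]{8})-([0-9A-F]{8})")


def parse_gmer(text):
    """Collapse the per-IRP lines into per-driver counts plus the unresolved dispatch pointers."""
    ssdt = defaultdict(list)                                          # driver -> hooked Zw* functions
    attached = defaultdict(lambda: defaultdict(int))                  # driver -> device -> IRP_MJ count
    unresolved = defaultdict(lambda: {"devices": set(), "irps": 0})   # bare address -> where it is used
    modules = []                                                      # (name, start, end) from Modules
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[m[1]].append(m[2])
        elif m := ATTACHED_RE.match(line):
            attached[m[5]][m[2]] += 1
        elif m := DEVICE_RE.match(line):
            # Bare address, no driver name: GMER could not attribute this pointer to a module.
            addr = int(m[4], 16)
            unresolved[addr]["devices"].add(m[2])
            unresolved[addr]["irps"] += 1
        elif m := MODULE_RE.match(line):
            modules.append((m[1], int(m[2], 16), int(m[3], 16)))
    return {
        "ssdt": dict(ssdt),
        "attached": {d: dict(v) for d, v in attached.items()},
        "unresolved": dict(unresolved),
        "modules": modules,
    }


def module_for(addr, modules):
    """Name of the listed module whose range contains addr, or None if no listed module does."""
    for name, start, end in modules:
        if start <= addr < end:
            return name
    return None


def unknown_drivers(summary, known=KNOWN_DRIVERS):
    """Hooking or filtering drivers absent from the annotation map: these need a signature check."""
    names = set(summary["ssdt"]) | set(summary["attached"])
    return sorted((n for n in names if n.lower() not in known), key=str.lower)


def triage(summary, known=KNOWN_DRIVERS):
    """The handful of lines a responder actually reads instead of ~120 IRP entries."""
    def who(drv):
        return known.get(drv.lower(), "UNKNOWN, verify the signed file on disk")
    findings = []
    for drv, funcs in summary["ssdt"].items():
        findings.append(f"SSDT hooks by {drv} [{who(drv)}]: {', '.join(funcs)}")
    for drv, devs in summary["attached"].items():
        for dev, n in devs.items():
            findings.append(f"{drv} [{who(drv)}] filters {dev}: {n} IRP_MJ entries")
    for addr, info in summary["unresolved"].items():
        owner = module_for(addr, summary["modules"])
        where = f"inside module {owner}" if owner else "not inside any listed module range"
        findings.append(f"dispatch pointer {addr:08X} on {', '.join(sorted(info['devices']))}: "
                        f"{info['irps']} IRP_MJ entries, {where}")
    return findings


if __name__ == "__main__":
    summary = parse_gmer(GMER_LOG)
    for line in triage(summary):
        print(line)
    print("unknown drivers:", unknown_drivers(summary))
```

On the full log above the same code reduces about 120 lines to six: two SSDT hooks by a347bus.sys, four filter drivers with their IRP counts, and one dispatch pointer (8675F1E8, all 22 NTFS major functions) that lies outside the only module range GMER printed. That last row is the one to resolve before calling the kernel side clean; the filter drivers are explained by the installed Norton Ghost, McAfee and Synaptics software in the O23 list.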

Post by tecnico24 » Wed Dec 26, 2007 10:23 am

Mcshield is the process of the McAfee Internet Security suite:
http://www.liutilities.com/products/win ... /mcshield/
it will certainly lock up your PC because you have little RAM, and McAfee uses a lot of resources and needs a good amount of RAM.

For safe mode, on how to restore it:
download the file Safeboot.zip from the web address http://www.didierstevens.com/files/data/SafeBoot.zip

extract the archive into a folder of your choice and run safeboot.reg,
then follow the instructions and you should be sorted.
tecnico24 | Senior Member | Posts: 380 | Joined: Sun May 20, 2007 4:31 pm
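The SafeBoot repair above works by re-importing the HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal and \Network subkeys, which hold the lists of drivers and services safe mode is allowed to load; with those keys gone, F8 safe mode cannot start, which is the symptom reported in this thread. Importing a .reg file downloaded from a third party is itself a trust decision, and a .reg file can just as easily create a Run entry or delete keys as restore them. The script below is an added example, my own code and not part of the thread or of the SafeBoot.zip linked above: it parses the "Windows Registry Editor Version 5.00" format and refuses any file that writes outside the SafeBoot branch, deletes keys or values, or does not restore both the Minimal and the Network set. Both .reg texts are constructed for the example (a few genuine SafeBoot entries, not the full repair file); a real regedit 5.00 export is UTF-16 and should be read with encoding="utf-16" before being passed to audit().

```python
import re

# Every key safe mode reads lives under this branch; a SafeBoot repair file should touch nothing else.
SAFEBOOT_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed stand-in for a SafeBoot repair file: a handful of real SafeBoot entries,
# not the content of the SafeBoot.zip linked above.
GOOD_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"
"""

# Constructed counter-example: the same repair plus a key deletion and a Run entry,
# neither of which a "SafeBoot fix" has any business containing.
BAD_REG = GOOD_REG + r"""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\WINDOWS\\system32\\example.exe"
"""

HEADER_RE = re.compile(r"^(Windows Registry Editor Version 5\.00|REGEDIT4)$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def parse_reg(text):
    """Minimal .reg reader: header, then [key] / [-key] blocks with "name"=data or @=data lines."""
    header, keys, current, buf = None, [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if header is None:
            if not HEADER_RE.match(line):
                raise ValueError(f"not a .reg file, first line is {line!r}")
            header = line
            continue
        if line.endswith("\\"):          # hex(...) data continues on the next line
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if m := KEY_RE.match(line):
            current = {"path": m[2], "delete": m[1] == "-", "values": []}
            keys.append(current)
        elif (m := VALUE_RE.match(line)) and current is not None:
            name = "(Default)" if m[1] == "@" else m[1][1:-1]
            current["values"].append((name, m[2], m[2] == "-"))   # "=-" deletes the value
        else:
            raise ValueError(f"unparsed line: {line!r}")
    return header, keys


def audit(text, allowed_root=SAFEBOOT_ROOT):
    """Report what the file would write and whether it stays inside the SafeBoot branch."""
    _, keys = parse_reg(text)
    root = allowed_root.lower().rstrip("\\")
    report = {"written": [], "out_of_scope": [], "deleted_keys": [], "deleted_values": []}
    for k in keys:
        path = k["path"]
        in_scope = path.lower() == root or path.lower().startswith(root + "\\")
        if k["delete"]:
            report["deleted_keys"].append(path)
        elif in_scope:
            report["written"].append(path)
        else:
            report["out_of_scope"].append(path)
        report["deleted_values"] += [f"{path}\\{n}" for n, _, gone in k["values"] if gone]
    written = [p.lower() for p in report["written"]]
    report["restores_minimal"] = any(p.startswith(root + "\\minimal\\") for p in written)
    report["restores_network"] = any(p.startswith(root + "\\network\\") for p in written)
    report["safe_to_import"] = (not report["out_of_scope"] and not report["deleted_keys"]
                                and not report["deleted_values"]
                                and report["restores_minimal"] and report["restores_network"])
    return report


if __name__ == "__main__":
    for label, text in (("good", GOOD_REG), ("bad", BAD_REG)):
        print(label, audit(text))
```

The check is on the file's text only; it says nothing about whether the import succeeded. After importing, the test that matters is the one JBG ran: reboot, press F8 and confirm safe mode actually starts.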

Post by ste_95 » Wed Dec 26, 2007 10:30 am

Then carry out all the steps listed below, after following tecnico's instructions

Empty System Restore (it is very important!)

With Avenger, enter this script:

Files to delete:
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\webmediaplayer_setup.exe
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\HENEC7UH\inde[1].htm
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

Folders to delete:
C:\WINDOWS\exefld


Then fix these entries in HijackThis:

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - (no file)
«It is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95 | Official Member (Gold) | Posts: 17271 | Joined: Mon Aug 06, 2007 11:19 am


Post by ste_95 » Wed Dec 26, 2007 10:49 am

Sorry, I made a mistake in the previous script; this is the right one:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\webmediaplayer_setup.exe
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\HENEC7UH\inde[1].htm
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

Folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


ste_95 | Official Member (Gold) | Posts: 17271 | Joined: Mon Aug 06, 2007 11:19 am

Post by JBG » Tue Jan 01, 2008 2:24 pm

tecnico24 wrote: Mcshield is the process of the McAfee Internet Security suite:
http://www.liutilities.com/products/win ... /mcshield/
it will certainly lock up your PC because you have little RAM, and McAfee uses a lot of resources and needs a good amount of RAM.

For safe mode, on how to restore it:
download the file Safeboot.zip from the web address http://www.didierstevens.com/files/data/SafeBoot.zip

extract the archive into a folder of your choice and run safeboot.reg,
then follow the instructions and you should be sorted.



The Mcshield process ran for a while because I had just reinstalled the antivirus, then it stopped consuming RAM (1 GB installed). So all is fine on that front.

Same for rebooting into safe mode. I added the registry key following your instructions. It now works perfectly.

Thanks a lot for the help.
JBG | New member | Posts: 3 | Joined: Wed Dec 26, 2007 9:15 am

Post by JBG » Tue Jan 01, 2008 2:33 pm

ste_95 wrote: Then carry out all the steps listed below, after following tecnico's instructions

Empty System Restore (it is very important!)

With Avenger, enter this script:

Files to delete:
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\webmediaplayer_setup.exe
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\HENEC7UH\inde[1].htm
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

Folders to delete:
C:\WINDOWS\exefld


Then fix these entries in HijackThis:

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - (no file)


I ran the script as indicated in your second message, then fixed only the following entry with HijackThis:

O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - (no file)

The other two entries were no longer present.

Thanks for the help.
JBG | New member | Posts: 3 | Joined: Wed Dec 26, 2007 9:15 am

Post by frattouno » Tue Jan 01, 2008 7:00 pm

I have another problem... I am sure I have this virus; I caught it this summer as well and removed it thanks to you and your articles...
Problem: I run a scan with Kaspersky and it detects nothing...
Is that possible?
How do I find it?
frattouno | New member | Posts: 20 | Joined: Thu May 24, 2007 12:46 pm | Location: Rome

Post by crazy.cat » Wed Jan 02, 2008 8:05 am

frattouno wrote: Problem: I run a scan with Kaspersky and it detects nothing...

Did you scan the whole hard disk?

Try the generic script, although it is strange that it has not infected any other file.

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys

Folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
crazy.cat | MLI Hero | Posts: 30959 | Joined: Mon Jan 12, 2004 1:38 pm | Location: Mestre

Post by frattouno » Mon Jan 07, 2008 6:33 pm

Yes, I scanned the whole hard disk.
One question... umm, what do I do with this generic script? Where do I paste it? I really do HUMBLY apologise for my ignorance... but I am doing my best
frattouno | New member | Posts: 20 | Joined: Thu May 24, 2007 12:46 pm | Location: Rome

Post by ste_95 » Mon Jan 07, 2008 6:53 pm

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the radio button "Input script manually"
Then pick the magnifying glass and click on it
Now paste these lines into the white box that opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys

Folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Select the little traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
When the computer comes back up, copy and paste here the contents of the Notepad window that will appear.
ste_95 | Official Member (Gold) | Posts: 17271 | Joined: Mon Aug 06, 2007 11:19 am

Post by frattouno » Tue Jan 08, 2008 1:25 am

Thanks a lot... here is what came out of it



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cknem^db

*******************

Script file located at: \??\C:\Documents and Settings\wblreutr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
frattouno | New member | Posts: 20 | Joined: Thu May 24, 2007 12:46 pm | Location: Rome

Post by crazy.cat » Tue Jan 08, 2008 7:34 am

frattouno wrote: Thanks a lot... here is what came out of it

It does not look like you have the Bagle virus?
What symptoms do you have?
When the many govern, they think only of pleasing themselves; what you get then is the most foolish and most hateful tyranny: tyranny masquerading as freedom.
crazy.cat | MLI Hero | Posts: 30959 | Joined: Mon Jan 12, 2004 1:38 pm | Location: Mestre
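Both Avenger logs in this thread end in a run of "not found! / Deletion ... failed! / Status: 0xc0000034" blocks, and the verdict crazy.cat draws above comes from reading which of the listed Bagle paths actually existed: in JBG's log hidr.exe, srosa.sys, the exefld folder and the srosa service were there and were removed, while in frattouno's log nothing on the list existed. The status code is the NTSTATUS value Avenger got back; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the artefact was never there), which must be kept apart from a deletion that failed because something still holds the file. The script below is an added example, my own code and not Avenger's or the forum's, that parses an Avenger log produced by the procedure ste_95 describes above into per-item outcomes, decodes the status, and returns the verdict. The two inputs are constructed excerpts of the logs quoted in this thread; the NTSTATUS names are the ones defined in ntstatus.h.

```python
import re

# NTSTATUS values Avenger prints after "Could not process line" (subset, names from ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # the artefact was not there at all
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",      # something still has the file open
}
ABSENT = 0xC0000034

# Excerpts of the two Avenger logs quoted in this thread (constructed subsets, same line format).
JBG_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Completed script processing.
"""

FRATTOUNO_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Completed script processing.
"""

DELETED_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of (file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_avenger(text):
    """One record per script item: what it was, whether it went, and the NTSTATUS if it did not."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            items.append({"kind": m[1].lower(), "path": m[2], "result": "deleted", "status": None})
        elif m := FAILED_RE.match(line):
            items.append({"kind": m[1], "path": m[2], "result": "failed", "status": None})
        elif (m := STATUS_RE.match(line)) and items and items[-1]["result"] == "failed":
            items[-1]["status"] = int(m[1], 16)   # the Status line belongs to the failed item before it
    return items


def status_name(code):
    if code is None:
        return "no status reported"
    return NTSTATUS.get(code, f"unknown NTSTATUS 0x{code:08X}")


def verdict(items):
    """Separate 'was not there' from 'was there and went' from 'was there and would not go'."""
    deleted = [i["path"] for i in items if i["result"] == "deleted"]
    absent = [i["path"] for i in items if i["result"] == "failed" and i["status"] == ABSENT]
    blocked = [(i["path"], status_name(i["status"]))
               for i in items if i["result"] == "failed" and i["status"] != ABSENT]
    if blocked:
        state = "artefacts present but not removed"   # find what holds them, then rerun
    elif deleted:
        state = "artefacts found and removed"         # the script matched this infection
    else:
        state = "no listed artefact existed"          # the script does not match this machine
    return {"state": state, "deleted": deleted, "absent": absent, "blocked": blocked}


if __name__ == "__main__":
    for name, log in (("JBG", JBG_LOG), ("frattouno", FRATTOUNO_LOG)):
        print(name, verdict(parse_avenger(log)))
```

Run on the excerpts, JBG's log comes out as "artefacts found and removed" with wintems.exe the only absent item, and frattouno's as "no listed artefact existed", which is the reading crazy.cat gives above: a generic script that deletes nothing is evidence that this particular infection is not present, not evidence that the machine is clean.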

Post by frattouno » Tue Jan 08, 2008 6:40 pm

The antivirus is out of action, as is the wireless; I cannot install updates or burn discs... and then, I should say I have already caught it once, and as soon as it started giving trouble I immediately smelled Bagle! I don't know, maybe I'm wrong... how do I figure out what it is?
frattouno | New member | Posts: 20 | Joined: Thu May 24, 2007 12:46 pm | Location: Rome

Post by ste_95 » Tue Jan 08, 2008 7:57 pm

Post the GMER Autostart and Rootkit logs
ste_95 | Official Member (Gold) | Posts: 17271 | Joined: Mon Aug 06, 2007 11:19 am

Post by frattouno » Wed Jan 09, 2008 7:21 pm

OK. This is the GMER rootkit one:


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-09 13:39:36
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.
.text ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 17, 5F ]
.text ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 1A, 5F ]
.text ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 14, 5F ]
.text ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 11, 5F ]

---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 20, 5F ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 23, 5F ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 1D, 5F ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]
.text C:\Programmi\a-squared Anti-Dialer\a2adguard.exe[604] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
frattouno, New Member. Posts: 20. Joined: Thu May 24, 2007 12:46 pm. Location: roma

Post by ste_95 » Wed Jan 09, 2008 7:22 pm

Clean...

Waiting for the autostart log [^]
«Sometimes it is better to stay silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95, Official Member (Gold). Posts: 17271. Joined: Mon Aug 06, 2007 11:19 am

Post by frattouno » Wed Jan 09, 2008 7:24 pm

and this is the autostart log...



GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2008-01-09 19:24:09
Windows 5.1.2600 Service Pack 2
frattouno, New Member. Posts: 20. Joined: Thu May 24, 2007 12:46 pm. Location: roma

Post by ste_95 » Wed Jan 09, 2008 7:27 pm

And yet this one is clean too [boh]
ste_95, Official Member (Gold). Posts: 17271. Joined: Mon Aug 06, 2007 11:19 am

Post by frattouno » Wed Jan 09, 2008 7:30 pm

ugh.... I guess I'm just being paranoid then....
can you recommend an antivirus so I can try installing it and we'll see.
I have NOD32 but I can't get it to install...

Thanks a lot, really [:-H]
frattouno, New Member. Posts: 20. Joined: Thu May 24, 2007 12:46 pm. Location: roma

Post by ste_95 » Wed Jan 09, 2008 7:34 pm

Avira AntiVir [:)]
ste_95, Official Member (Gold). Posts: 17271. Joined: Mon Aug 06, 2007 11:19 am

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising