GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-29 15:00:59
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT spmr.sys ZwCreateKey [0xB9EA80E0]
SSDT spmr.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spmr.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spmr.sys ZwOpenKey [0xB9EA80C0]
SSDT spmr.sys ZwQueryKey [0xB9EC7108]
SSDT spmr.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spmr.sys ZwSetValueKey [0xB9EC719A]
INT 0x62 ? 8AC53BF8
INT 0x63 ? 8AAB5BF8
INT 0x63 ? 8AAB5BF8
INT 0x63 ? 8AAB5BF8
INT 0x82 ? 8AC53BF8
INT 0x83 ? 8AAB5BF8
INT 0x84 ? 8AAB5BF8
INT 0xA4 ? 8AAB5BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AAB5BF8
INT 0xB4 ? 8AC53BF8
---- Kernel code sections - GMER 1.0.14 ----
? spmr.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload B953A8AC 5 Bytes JMP 8AAB51D8
.text abufjwn2.SYS B92BD386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text abufjwn2.SYS B92BD3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text abufjwn2.SYS B92BD3C4 3 Bytes [ 00, 70, 02 ]
.text abufjwn2.SYS B92BD3C9 1 Byte [ 2E ]
.text abufjwn2.SYS B92BD3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spmr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spmr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spmr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spmr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spmr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spmr.sys
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8AC521F8
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \Driver\usbuhci \Device\USBPDO-0 8AAC91F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACCA1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-2 8AAC91F8
Device \Driver\usbehci \Device\USBPDO-3 8AA42500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C281493-BCD3-4386-A660-08B14F6D4AD3} 8A854500
Device \Driver\usbuhci \Device\USBPDO-4 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-5 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-6 8AAC91F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 amon.sys (Amon monitor/Eset )
Device \Driver\usbehci \Device\USBPDO-7 8AA42500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 amon.sys (Amon monitor/Eset )
Device \Driver\Cdrom \Device\CdRom0 8A9F51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 amon.sys (Amon monitor/Eset )
Device \Driver\Cdrom \Device\CdRom1 8A9F51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A854500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3966C5CC-1505-44B7-8581-449F57F9BFB6} 8A854500
Device \Driver\NetBT \Device\NetbiosSmb 8A854500
Device \Driver\PCI_PNP1064 \Device\0000004c spmr.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BF00DAD-28B4-40F8-BB6F-146BF0B1E9BE} 8A854500
Device \Driver\usbuhci \Device\USBFDO-0 8AAC91F8
Device \Driver\usbuhci \Device\USBFDO-1 8AAC91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4B9500
Device \Driver\usbuhci \Device\USBFDO-2 8AAC91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4B9500
Device \Driver\usbehci \Device\USBFDO-3 8AA42500
Device \Driver\usbuhci \Device\USBFDO-4 8AAC91F8
Device \Driver\Ftdisk \Device\FtControl 8AC541F8
Device \Driver\usbuhci \Device\USBFDO-5 8AAC91F8
Device \Driver\usbuhci \Device\USBFDO-6 8AAC91F8
Device \Driver\usbehci \Device\USBFDO-7 8AA42500
Device \Driver\abufjwn2 \Device\Scsi\abufjwn21Port6Path0Target0Lun0 8A9E61F8
Device \Driver\abufjwn2 \Device\Scsi\abufjwn21 8A9E61F8
Device \Driver\sptd \Device\1730627314 spmr.sys
Device \FileSystem\Cdfs \Cdfs 8A617500
---- Processes - GMER 1.0.14 ----
Process hidden process (*** hidden *** ) 4668
Process hidden process (*** hidden *** ) 6620
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x1C 0xAD 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x0C 0xFF 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x1C 0xAD 0xF2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 2FD33A3F2A491EC744DF27D328AE11C4A0CBEE33BBBD52B8869FF73A33EDE85FC94CBA16AF44F0C69A352A19428F0C7FEB08AA4F15DD5BA6E4E319EEA5D71132E4D4DF928FD5131F13999C4C67DB9FDD033ED8F6A3CF121B678350EC1C12B455D216C57F0BD815BB0A1BEAC2B1E27DE76B0457AE7D77EC60DA390C0643B6246D47128D9788BA4D3EBD9F894861089DDB0B43896D59CBA0EDEE13C0FEEA717B525C1B5C1090FDD37BCF606A9A5842B9AA2EB8D5A092DBA8F3397566118A85148D115A590E53B806FAC7690AEE1E9C4FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D1407CEA4D03D6D5A4444EA2A23D83BA80C5475E8861E3DBF0F0678BCFBC422399D8B6C08045D0D9DCC99D947DD7F21BDE90FD0B1A97D631E363AACEF49AA64EEFA22A7589DB33B1CE9E842450D01D2DFCB367477DAB2897504B93288D3A319CD5BB644EBC000D6DAA7A6E403B56E3CEE37DEBEBEA3C0C79E12DB2654C843A5C40D83B8FADF093105298CB5C2AFDC3B6BC0664075E12EA9150D3CD689AB9E64E97104B0A3C116126824175E2B2866237F95E63FE84705AEF8B33A453F52D4A0757E770C6783733275E488B9C5A028BB727346B4CDD9554D8D5CF7297369839B45BC62D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION F088A407CE9B3AC7AEAE1C99F815FE87535BEDA894D81B72F8CD214A6AE9767D36E62FC580985D7ECA962AAAD861EEEF5F28F0B7AF978E7DD3CEEA16556377679A11E261958AD1B2AE78E2FEAC9560A50717ABC6CF2F38A0B25E327CC0ED8DB46AC0B596F4568C1DC6286459CE40C4F87A3A863DE1FBA25FA86A462848D27C3F36E004758CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B980815552828E262F16AD6857DABB1ABA2AE14F3CFA046621A853776EBB3DE89A28D6B681EE44D2EFAD49C361264E2B96143C5F4840320D2670B058FC12FB9CF9E3115837605703A92A87C2353EB31E10BF0A4F978430D7C29D1AFAF3AA4FADC4FA02687AF30EF315A98776893EA3F56A63CC2F6F2ABCFBB6C517041B29F2455E6E3A87B5AD12A1F4ADE8442B7CD65AC92B021814E4B5D4E9404FA541AEFE342EA0519059A9A2DF62F378C933BC531E0FE5B37567B72DED7D5E9701DF427248DB715E8F2ACFD3E8D28E1ED622CC9E2D06FCD71527C3833E13A83E9F3DC9CFC0B7BA6FCB6DA35D21C28A47A572D90EE3F3F1D2DF968F76BD4A05973D2FC6C3E6B39522DE2083C1740F8C7F8C074997ED119E2BD72EB4D4C823A740D5B16F56A4AC7B3483329D2EA7BB497A290C
---- EOF - GMER 1.0.14 ----
Rootkit scan 2009-01-29 15:00:59
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT spmr.sys ZwCreateKey [0xB9EA80E0]
SSDT spmr.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spmr.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spmr.sys ZwOpenKey [0xB9EA80C0]
SSDT spmr.sys ZwQueryKey [0xB9EC7108]
SSDT spmr.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spmr.sys ZwSetValueKey [0xB9EC719A]
INT 0x62 ? 8AC53BF8
INT 0x63 ? 8AAB5BF8
INT 0x63 ? 8AAB5BF8
INT 0x63 ? 8AAB5BF8
INT 0x82 ? 8AC53BF8
INT 0x83 ? 8AAB5BF8
INT 0x84 ? 8AAB5BF8
INT 0xA4 ? 8AAB5BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AC53BF8
INT 0xB4 ? 8AAB5BF8
INT 0xB4 ? 8AC53BF8
---- Kernel code sections - GMER 1.0.14 ----
? spmr.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload B953A8AC 5 Bytes JMP 8AAB51D8
.text abufjwn2.SYS B92BD386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text abufjwn2.SYS B92BD3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text abufjwn2.SYS B92BD3C4 3 Bytes [ 00, 70, 02 ]
.text abufjwn2.SYS B92BD3C9 1 Byte [ 2E ]
.text abufjwn2.SYS B92BD3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spmr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spmr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spmr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spmr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spmr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spmr.sys
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\abufjwn2.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8AC521F8
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \Driver\usbuhci \Device\USBPDO-0 8AAC91F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACCA1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-2 8AAC91F8
Device \Driver\usbehci \Device\USBPDO-3 8AA42500
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C281493-BCD3-4386-A660-08B14F6D4AD3} 8A854500
Device \Driver\usbuhci \Device\USBPDO-4 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-5 8AAC91F8
Device \Driver\usbuhci \Device\USBPDO-6 8AAC91F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 amon.sys (Amon monitor/Eset )
Device \Driver\usbehci \Device\USBPDO-7 8AA42500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 amon.sys (Amon monitor/Eset )
Device \Driver\Cdrom \Device\CdRom0 8A9F51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC541F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 amon.sys (Amon monitor/Eset )
Device \Driver\Cdrom \Device\CdRom1 8A9F51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A854500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3966C5CC-1505-44B7-8581-449F57F9BFB6} 8A854500
Device \Driver\NetBT \Device\NetbiosSmb 8A854500
Device \Driver\PCI_PNP1064 \Device\0000004c spmr.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BF00DAD-28B4-40F8-BB6F-146BF0B1E9BE} 8A854500
Device \Driver\usbuhci \Device\USBFDO-0 8AAC91F8
Device \Driver\usbuhci \Device\USBFDO-1 8AAC91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4B9500
Device \Driver\usbuhci \Device\USBFDO-2 8AAC91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4B9500
Device \Driver\usbehci \Device\USBFDO-3 8AA42500
Device \Driver\usbuhci \Device\USBFDO-4 8AAC91F8
Device \Driver\Ftdisk \Device\FtControl 8AC541F8
Device \Driver\usbuhci \Device\USBFDO-5 8AAC91F8
Device \Driver\usbuhci \Device\USBFDO-6 8AAC91F8
Device \Driver\usbehci \Device\USBFDO-7 8AA42500
Device \Driver\abufjwn2 \Device\Scsi\abufjwn21Port6Path0Target0Lun0 8A9E61F8
Device \Driver\abufjwn2 \Device\Scsi\abufjwn21 8A9E61F8
Device \Driver\sptd \Device\1730627314 spmr.sys
Device \FileSystem\Cdfs \Cdfs 8A617500
---- Processes - GMER 1.0.14 ----
Process hidden process (*** hidden *** ) 4668
Process hidden process (*** hidden *** ) 6620
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x1C 0xAD 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x0C 0xFF 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x1C 0xAD 0xF2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 2FD33A3F2A491EC744DF27D328AE11C4A0CBEE33BBBD52B8869FF73A33EDE85FC94CBA16AF44F0C69A352A19428F0C7FEB08AA4F15DD5BA6E4E319EEA5D71132E4D4DF928FD5131F13999C4C67DB9FDD033ED8F6A3CF121B678350EC1C12B455D216C57F0BD815BB0A1BEAC2B1E27DE76B0457AE7D77EC60DA390C0643B6246D47128D9788BA4D3EBD9F894861089DDB0B43896D59CBA0EDEE13C0FEEA717B525C1B5C1090FDD37BCF606A9A5842B9AA2EB8D5A092DBA8F3397566118A85148D115A590E53B806FAC7690AEE1E9C4FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D1407CEA4D03D6D5A4444EA2A23D83BA80C5475E8861E3DBF0F0678BCFBC422399D8B6C08045D0D9DCC99D947DD7F21BDE90FD0B1A97D631E363AACEF49AA64EEFA22A7589DB33B1CE9E842450D01D2DFCB367477DAB2897504B93288D3A319CD5BB644EBC000D6DAA7A6E403B56E3CEE37DEBEBEA3C0C79E12DB2654C843A5C40D83B8FADF093105298CB5C2AFDC3B6BC0664075E12EA9150D3CD689AB9E64E97104B0A3C116126824175E2B2866237F95E63FE84705AEF8B33A453F52D4A0757E770C6783733275E488B9C5A028BB727346B4CDD9554D8D5CF7297369839B45BC62D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION F088A407CE9B3AC7AEAE1C99F815FE87535BEDA894D81B72F8CD214A6AE9767D36E62FC580985D7ECA962AAAD861EEEF5F28F0B7AF978E7DD3CEEA16556377679A11E261958AD1B2AE78E2FEAC9560A50717ABC6CF2F38A0B25E327CC0ED8DB46AC0B596F4568C1DC6286459CE40C4F87A3A863DE1FBA25FA86A462848D27C3F36E004758CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B980815552828E262F16AD6857DABB1ABA2AE14F3CFA046621A853776EBB3DE89A28D6B681EE44D2EFAD49C361264E2B96143C5F4840320D2670B058FC12FB9CF9E3115837605703A92A87C2353EB31E10BF0A4F978430D7C29D1AFAF3AA4FADC4FA02687AF30EF315A98776893EA3F56A63CC2F6F2ABCFBB6C517041B29F2455E6E3A87B5AD12A1F4ADE8442B7CD65AC92B021814E4B5D4E9404FA541AEFE342EA0519059A9A2DF62F378C933BC531E0FE5B37567B72DED7D5E9701DF427248DB715E8F2ACFD3E8D28E1ED622CC9E2D06FCD71527C3833E13A83E9F3DC9CFC0B7BA6FCB6DA35D21C28A47A572D90EE3F3F1D2DF968F76BD4A05973D2FC6C3E6B39522DE2083C1740F8C7F8C074997ED119E2BD72EB4D4C823A740D5B16F56A4AC7B3483329D2EA7BB497A290C
---- EOF - GMER 1.0.14 ----
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.04.33, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\GIGABYTE\EnergySaver\GSvr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\eMule\emule.exe
C:\Programmi\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\Programmi\Mozilla Firefox\firefox.exe
E:\SoftNoInstal\gmer.exe
E:\SoftNoInstal\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: freepops.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar2\Rainlendar2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF00DAD-28B4-40F8-BB6F-146BF0B1E9BE}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programmi\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
--
End of file - 7675 bytes
Scan saved at 15.04.33, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\GIGABYTE\EnergySaver\GSvr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\eMule\emule.exe
C:\Programmi\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\Programmi\Mozilla Firefox\firefox.exe
E:\SoftNoInstal\gmer.exe
E:\SoftNoInstal\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: freepops.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar2\Rainlendar2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF00DAD-28B4-40F8-BB6F-146BF0B1E9BE}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programmi\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
--
End of file - 7675 bytes
Malwarebytes' Anti-Malware 1.33
Versione del database: 1705
Windows 5.1.2600 Service Pack 3
29/01/2009 15.34.05
mbam-log-2009-01-29 (15-34-05).txt
Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 98743
Tempo trascorso: 17 minute(s), 18 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Versione del database: 1705
Windows 5.1.2600 Service Pack 3
29/01/2009 15.34.05
mbam-log-2009-01-29 (15-34-05).txt
Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 98743
Tempo trascorso: 17 minute(s), 18 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)