Help with HijackThis log, slow PC

Post by luc_1 » Mon Sep 11, 2006 7:48 pm

Hello to all the forum members. I'm a new member; I'm not very familiar with forums, nor with PCs, so I hope I manage to explain my problems. On my PC I have Norton Internet Security 2006, A-squared, SpywareBlaster, SUPERAntiSpyware and Spyware Terminator installed, and yet Norton keeps telling me I've caught LinkOptimizer, TrafficAdvance and Downloader; nice collection. The PC has gone to sleep and I can't even browse any more. I have Alice Flat; maybe this is due to the upgrade they are doing for the move from 640 to 2 megabit. I've also used various tools, but nothing. What can I do? Thanks in advance.
I'm attaching 2 logs.

Logfile of HijackThis v1.99.1
Scan saved at 20.42.26, on 11/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\TechniSat DVB\bin\Server4PC.exe
C:\Programmi\DVBViewerTE\AP Launch.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\TechniSat DVB\bin\Server4PC.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\CallingID\CallingIDGlobal.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programmi\CallingID\CallingIDIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programmi\CallingID\CallingIDIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AP Launch.lnk = C:\Programmi\DVBViewerTE\AP Launch.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Server4PC.lnk = C:\Programmi\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5379378225
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------------------------------------------------------------------
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS


Trojan.Gromozon does not exist - your system is clean.
luc_1 | Aficionado | Posts: 79 | Joined: Thu Sep 07, 2006 3:53 pm

Post by Amantide » Mon Sep 11, 2006 8:20 pm

If it's still the same computer http://www.MegaLab.it/forum/viewtopic.p ... highlight= then the answer is also still the same.
The log is clean and there are no visible traces of LinkOptimizer or of anything else.

The only thing you can do is enable showing hidden files and folders and check whether in C:\Documents and Settings there is an unknown account with a strange name. You can also check in Administrative Tools --> Services whether there is any suspicious service running, again with a strange, suspicious name.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo
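Amantide's verdict on the log above ("clean, no visible traces") is the result of a handful of checks a HijackThis reviewer applies section by section: O4 autostarts should use full paths into Windows or Program Files, O20 Winlogon Notify DLLs are loaded into winlogon.exe as SYSTEM so anything outside system32 needs a known vendor behind it, O23 services should name a company (HijackThis prints "Unknown owner" when the binary carries none), and O16/R0/R1 URLs should sit on Microsoft hosts unless the user put them there. The script below is an added example, not code from HijackThis, MegaLab or any poster; it encodes those checks as rules over log text. SAMPLE_LOG mixes lines copied from the posted log with three constructed lines (sysupd.exe, "Constructed Class" and syshelp) so that every rule fires once. Note that it also flags SUPERAntiSpyware's SASWINLO.dll: a heuristic marks what to verify, and the verification (vendor, file date, signature where present) stays manual, exactly as in the thread.

```python
"""Triage a HijackThis v1.99 log by rule instead of by eye.

Added example for this thread, not HijackThis code or any poster's. The rules are
heuristics: a flagged entry means "look at this", not "this is malware".
"""
import re

# Where installed software normally lives on an Italian Windows XP system
# ("Programmi" = Program Files, "PROGRA~1" is its 8.3 short name).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\programmi\\", "c:\\progra~1\\", "c:\\program files\\")
SYSTEM32 = "c:\\windows\\system32\\"

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First absolute Windows path that ends in an executable/library extension.
PATH_RE = re.compile(r"(?i)[a-z]:\\[^\"]*?\.(?:exe|dll|sys|cpl)")
HOST_RE = re.compile(r"(?i)https?://([^/\s]+)")

# Lines copied from the log posted above, plus three constructed suspicious lines:
# the sysupd.exe autostart, the "Constructed Class" download and the syshelp service.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [sysupd] C:\Documents and Settings\Marco\Impostazioni locali\Temp\sysupd.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5379378225
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Class) - http://cab.example.invalid/loader.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Helper (syshelp) - Unknown owner - C:\WINDOWS\system32\syshelp.exe
"""


def first_path(body):
    """Lower-cased first file path in an entry, or None when it only has a bare name."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def triage(log_text):
    """Return (section, severity, reason, line) for every entry that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        path = first_path(body)
        if section == "O4":  # Run keys and Startup folders
            if path is None:
                findings.append((section, "low", "bare file name, resolved through PATH at logon", raw))
            elif not path.startswith(TRUSTED_DIRS):
                findings.append((section, "high", "autostart outside Windows/Program Files", raw))
        elif section == "O20":  # Winlogon Notify DLLs run inside winlogon.exe as SYSTEM
            if path is None or not path.startswith(SYSTEM32):
                findings.append((section, "medium", "Winlogon Notify DLL outside system32, verify the vendor", raw))
        elif section == "O23":  # services; no company name in the binary's version info
            if " - Unknown owner - " in body:
                findings.append((section, "medium", "service binary carries no company name", raw))
        elif section in ("O16", "R0", "R1"):  # ActiveX downloads, IE start/search pages
            h = HOST_RE.search(body)
            if h and not h.group(1).lower().endswith(("microsoft.com", "msn.com")):
                findings.append((section, "medium", "URL on a non-Microsoft host: " + h.group(1), raw))
    return findings


if __name__ == "__main__":
    for section, severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}\n         {line}")
```

Run it on a full log pasted into SAMPLE_LOG (or read from a file) and walk the findings from high to low; on the posted log the only hits are the two bare-name O4 entries (nwiz, CTHELPER) and the SUPERAntiSpyware O20 DLL, all of which have a known owner, which matches Amantide's reading.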

Post by luc_1 » Mon Sep 11, 2006 8:50 pm

Amantide wrote: If it's still the same computer http://www.MegaLab.it/forum/viewtopic.p ... highlight= then the answer is also still the same.
The log is clean and there are no visible traces of LinkOptimizer or of anything else.

The only thing you can do is enable showing hidden files and folders and check whether in C:\Documents and Settings there is an unknown account with a strange name. You can also check in Administrative Tools --> Services whether there is any suspicious service running, again with a strange, suspicious name.


Hi, thanks for the help. I did the first check and there's nothing; I didn't understand how to do the check in Administrative Tools. Thanks
I'm editing the message because I managed to find the other one too, Administrative Tools; there are 6 files but nothing suspicious, at least I think, they look like Windows files. While I'm at it, if possible, one more bit of info that's tormenting me: is it possible that going from C:\Documents and Settings down to the Temporary Internet Files\Content.IE5 folder there is an Index.dat file of 1,280 KB inside? Thanks
luc_1 | Aficionado | Posts: 79 | Joined: Thu Sep 07, 2006 3:53 pm


Post by Amantide » Mon Sep 11, 2006 9:28 pm

Yes, it's normal. Index.dat files are the temporary cache files. You can download CCleaner and clean up all the temporary files that are no longer needed.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Post by luc_1 » Tue Sep 12, 2006 11:41 am

Amantide wrote: Yes, it's normal. Index.dat files are the temporary cache files. You can download CCleaner and clean up all the temporary files that are no longer needed.


Hi Amantide, thanks for the info. I already use CCleaner and it's updated to version 1.32.45, but after running it the Index.dat file always stays at 1,248 KB. How come? Thanks a lot.
luc_1 | Aficionado | Posts: 79 | Joined: Thu Sep 07, 2006 3:53 pm

Post by crazy.cat » Tue Sep 12, 2006 11:57 am

For luc_1
Besides the usual advice to dump that piece of junk of an antivirus called Norton, go to www.kaspersky.com and run the online scan, so you can see whether there are viruses, and how many.
Save the result of the online scan if it finds viruses.
crazy.cat | MLI Hero | Posts: 30959 | Joined: Mon Jan 12, 2004 1:38 pm | Location: Mestre

Maybe I've found the problems

Post by luc_1 » Wed Sep 13, 2006 2:43 am

crazy.cat wrote: For luc_1
Besides the usual advice to dump that piece of junk of an antivirus called Norton, go to www.kaspersky.com and run the online scan, so you can see whether there are viruses, and how many.
Save the result of the online scan if it finds viruses.


Message from GMER: "GMER has found system modification caused by ROOTKIT activity." My PC doesn't run any more. I followed the advice to copy GMER somewhere else and then rename it, and I'd say it works, because all hell broke loose. I'm attaching the autostart and rootkit logs. What do I do? Thanks as always. Bye

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-13 01:12:09
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Symantec Core LC /*Symantec Core LC*/@ = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe"
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@EPSON Stylus C86 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
@NWEReboot /*file not found*/ = /*file not found*/
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
@CTDVDDETC:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE = C:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
@CTSysVolC:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r /*file not found*/
@RCSystem"C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup = "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
@AudioDrvEmulator"C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" = "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@SUPERAntiSpywareC:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{9ECB9560-04F9-4bbc-943D-298DDF1699E1}C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll = C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
@{FBF2401B-7447-4727-BE5D-C19B2075CA84}C:\Programmi\CallingID\CallingIDIE.dll = C:\Programmi\CallingID\CallingIDIE.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAE93CA7-F1E9-44AF-A934-4B743DCBDE13} /*Connessione alla rete locale (LAN) 3*/ >>>
@IPAddress192.168.238.238 = 192.168.238.238
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\Marco\Menu Avvio\Programmi\Esecuzione automatica = AP Launch.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Server4PC.lnk = Server4PC.lnk

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-13 01:34:37
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 81D53298 ZwAlertResumeThread
SSDT 81D2DE98 ZwAlertThread
SSDT 81D05C18 ZwAllocateVirtualMemory
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwClose <-- ROOTKIT !!!
SSDT 827BBEE8 ZwConnectPort
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey <-- ROOTKIT !!!
SSDT 829EE708 ZwCreateMutant
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection <-- ROOTKIT !!!
SSDT 81B1F1F0 ZwCreateThread
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey <-- ROOTKIT !!!
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey <-- ROOTKIT !!!
SSDT 81D5F550 ZwFreeVirtualMemory
SSDT 827503F0 ZwImpersonateAnonymousToken
SSDT 82750438 ZwImpersonateThread
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver <-- ROOTKIT !!!
SSDT 81AFC628 ZwMapViewOfSection
SSDT 81D58608 ZwOpenEvent
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile <-- ROOTKIT !!!
SSDT 81D5E160 ZwOpenProcessToken
SSDT 829EFB40 ZwOpenThreadToken
SSDT 81B04BC0 ZwQueryValueKey
SSDT 81D5C168 ZwResumeThread
SSDT 82750480 ZwSetContextThread
SSDT 81D5D360 ZwSetInformationProcess
SSDT 81D5A198 ZwSetInformationThread
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey <-- ROOTKIT !!!
SSDT 81D171F0 ZwSuspendProcess
SSDT 81D2DE60 ZwSuspendThread
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess <-- ROOTKIT !!!
SSDT 81D0B220 ZwTerminateThread
SSDT 82289F18 ZwUnmapViewOfSection
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile <-- ROOTKIT !!!
SSDT 81B21220 ZwWriteVirtualMemory


---- Devices - GMER 1.0.10 ----

Device \Device\0000001f
Device \Device\0000002b
Device \Device\00000058
Device \Device\00000064
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Device\i
Device \Device\Ide\PciIde0
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore

---- Modules - GMER 1.0.10 ----

Module \SystemRoot\system32\DRIVERS\processr.sys F75AF000
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys F7112000
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F70FE000
Module \SystemRoot\system32\DRIVERS\imapi.sys F75BF000
Module \SystemRoot\system32\DRIVERS\cdrom.sys F75CF000
Module \SystemRoot\system32\DRIVERS\redbook.sys F75DF000
Module \SystemRoot\system32\DRIVERS\ks.sys F70DB000
Module \SystemRoot\system32\drivers\ctaud2k.sys F7047000
Module \SystemRoot\system32\drivers\portcls.sys F7023000
Module \SystemRoot\system32\drivers\drmk.sys F75EF000
Module \SystemRoot\system32\drivers\ctoss2k.sys F6FF1000
Module \SystemRoot\system32\drivers\ctprxy2k.sys F7827000
Module \SystemRoot\system32\DRIVERS\SkyNET.SYS F6F99000
Module \SystemRoot\system32\DRIVERS\usbuhci.sys F78BF000
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS F6F76000
Module \SystemRoot\system32\DRIVERS\usbehci.sys F78EF000
Module \SystemRoot\system32\DRIVERS\fdc.sys F78FF000
Module \SystemRoot\system32\DRIVERS\serial.sys F6F65000
Module \SystemRoot\system32\DRIVERS\serenum.sys F79FF000
Module \SystemRoot\system32\DRIVERS\parport.sys F6F51000
Module \SystemRoot\system32\DRIVERS\i8042prt.sys F75FF000
Module \SystemRoot\system32\DRIVERS\kbdclass.sys F77D7000
Module \SystemRoot\system32\DRIVERS\gameenum.sys F7A0B000
Module \SystemRoot\system32\drivers\msmpu401.sys F7C7C000
Module \SystemRoot\system32\DRIVERS\audstub.sys F7C7E000
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys F760F000
Module \SystemRoot\system32\DRIVERS\ndistapi.sys F7A13000
Module \SystemRoot\system32\DRIVERS\ndiswan.sys F6F3A000
Module \SystemRoot\system32\DRIVERS\raspppoe.sys F761F000
Module \SystemRoot\system32\DRIVERS\raspptp.sys F762F000
Module \SystemRoot\system32\DRIVERS\TDI.SYS F781F000
Module \SystemRoot\system32\DRIVERS\psched.sys F6F29000
Module \SystemRoot\system32\DRIVERS\msgpc.sys F763F000
Module \SystemRoot\system32\DRIVERS\ptilink.sys F784F000
Module \SystemRoot\system32\DRIVERS\raspti.sys F785F000
Module \SystemRoot\system32\DRIVERS\termdd.sys F764F000
Module \SystemRoot\system32\DRIVERS\mouclass.sys F7877000
Module \SystemRoot\system32\DRIVERS\swenum.sys F7A43000
Module \SystemRoot\system32\DRIVERS\update.sys F6EF5000
Module \SystemRoot\system32\DRIVERS\mssmbios.sys F79AF000
Module \SystemRoot\System32\Drivers\NDProxy.SYS F765F000
Module \SystemRoot\system32\drivers\hap17v2k.sys F5D9C000
Module \SystemRoot\system32\drivers\ha10kx2k.sys F5C9C000
Module \SystemRoot\system32\drivers\emupia2k.sys F5C6F000
Module \SystemRoot\system32\drivers\ctsfm2k.sys F5C48000
Module \SystemRoot\system32\drivers\ctac32k.sys F5BAC000
Module \SystemRoot\system32\DRIVERS\usbhub.sys F766F000
Module \SystemRoot\system32\DRIVERS\USBD.SYS F7A59000
Module \SystemRoot\system32\DRIVERS\flpydisk.sys F7837000
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS F7A5D000
Module \SystemRoot\System32\Drivers\Null.SYS F7BB8000
Module \SystemRoot\System32\Drivers\Beep.SYS F7A61000
Module \SystemRoot\System32\drivers\vga.sys F7867000
Module \SystemRoot\System32\Drivers\mnmdd.SYS F7A65000
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys F7A69000
Module \SystemRoot\System32\Drivers\Msfs.SYS F787F000
Module \SystemRoot\System32\Drivers\Npfs.SYS F788F000
Module \SystemRoot\system32\DRIVERS\rasacd.sys F79CB000
Module \SystemRoot\system32\DRIVERS\ipsec.sys F5AD9000
Module \SystemRoot\system32\DRIVERS\tcpip.sys F5A81000
Module \SystemRoot\System32\Drivers\SYMTDI.SYS F5A46000
Module \SystemRoot\system32\DRIVERS\ipnat.sys F59FD000
Module \SystemRoot\system32\DRIVERS\wanarp.sys F768F000
Module \??\C:\Programmi\Symantec\SYMEVENT.SYS F59DB000
Module \SystemRoot\system32\DRIVERS\hidusb.sys F79FB000
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F769F000
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F78B7000
Module \SystemRoot\System32\Drivers\SYMREDRV.SYS F76AF000
Module \SystemRoot\System32\Drivers\SYMDNS.SYS F78CF000
Module \SystemRoot\System32\Drivers\SYMNDIS.SYS F76BF000
Module \SystemRoot\System32\Drivers\SYMFW.SYS F59B2000
Module \SystemRoot\system32\DRIVERS\mouhid.sys F7A27000
Module \SystemRoot\System32\Drivers\SYMIDS.SYS F76CF000
Module \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys F5984000
Module \SystemRoot\system32\DRIVERS\netbt.sys F595C000
Module \SystemRoot\System32\drivers\afd.sys F593A000
Module \SystemRoot\system32\DRIVERS\netbios.sys F774F000
Module \??\C:\Documents_and_Settings\All_Users\Dati_applicazioni\Spyware_Terminator\sp_rsdrv2.sys F5919000
Module \??\C:\Programmi\File_comuni\Symantec_Shared\SPBBC\SPBBCDrv.sys F58B7000
Module \??\C:\Programmi\Norton_Internet_Security\Norton_AntiVirus\SAVRTPEL.SYS F58A3000
Module \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys F778F000
Module \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS F7907000
Module \SystemRoot\system32\DRIVERS\rdbss.sys F5878000
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys F5809000
Module \SystemRoot\System32\Drivers\Fips.SYS F779F000
Module \??\C:\Programmi\File_comuni\Symantec_Shared\EENGINE\eeCtrl.sys F57A7000
Module \??\C:\Programmi\File_comuni\Symantec_Shared\EENGINE\EraserUtilRebootDrv.sys F578B000
Module \SystemRoot\System32\Drivers\Cdfs.SYS F5B7C000
Module \SystemRoot\System32\Drivers\dump_atapi.sys F56AB000
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F7A9B000
Module \SystemRoot\System32\win32k.sys BF800000
Module \SystemRoot\System32\drivers\Dxapi.sys F56CF000
Module \SystemRoot\System32\watchdog.sys F7887000
Module \SystemRoot\System32\drivers\dxg.sys BF000000
Module \SystemRoot\System32\drivers\dxgthk.sys F7C2E000
Module \SystemRoot\System32\nv4_disp.dll BF012000
Module \SystemRoot\system32\DRIVERS\ndisuio.sys F4518000
Module \SystemRoot\system32\drivers\wdmaud.sys F377B000
Module \SystemRoot\system32\drivers\sysaudio.sys F3920000
Module \SystemRoot\system32\DRIVERS\mrxdav.sys F3541000
Module \SystemRoot\System32\Drivers\ParVdm.SYS F7A3D000
Module \SystemRoot\system32\DRIVERS\srv.sys F34EF000
Module \??\C:\WINDOWS\system32\drivers\PfModNT.sys F34D7000
Module \??\C:\WINDOWS\system32\drivers\symlcbrd.sys F78E7000
Module \??\C:\Programmi\Norton_Internet_Security\Norton_AntiVirus\SAVRT.SYS F329F000
Module \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20060911.037\NavEx15.Sys F31AE000
Module \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20060911.037\NAVENG.Sys F319C000
Module \SystemRoot\System32\Drivers\HTTP.sys F2D73000
Module \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS F7927000
Module \SystemRoot\System32\DRIVERS\gmer.sys F2849000
Module \SystemRoot\system32\drivers\kmixer.sys F09A6000
Module \WINDOWS\System32\ntdll.dll 7C910000

---- Services - GMER 1.0.10 ----

Service [DISABLED] Abiosdsk <-- ROOTKIT !!!
Service [DISABLED] abp480n5 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC <-- ROOTKIT !!!
Service [DISABLED] adpu160m <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x <-- ROOTKIT !!!
Service [DISABLED] aic78u2 <-- ROOTKIT !!!
Service [DISABLED] aic78xx <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde <-- ROOTKIT !!!
Service [DISABLED] amsint <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc <-- ROOTKIT !!!
Service [DISABLED] asc3350p <-- ROOTKIT !!!
Service [DISABLED] asc3550 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service [SYSTEM] Beep <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k <-- ROOTKIT !!!
Service C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr
Service C:\Programmi\Norton Internet Security\ccPwdSvc.exe [MANUAL] ccISPwdSvc
Service C:\Programmi\File comuni\Symantec Shared\ccProxy.exe [AUTO] ccProxy
Service C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr
Service [DISABLED] cd20xrnt <-- ROOTKIT !!!
Service [SYSTEM] Cdaudio <-- ROOTKIT !!!
Service [DISABLED] Cdfs <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys [MANUAL] CnxTrLan
Service C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys [MANUAL] CnxTrUsb
Service C:\Programmi\Norton Internet Security\comHost.exe [MANUAL] comHost
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service [DISABLED] Cpqarray <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\system32\drivers\ctac32k.sys [MANUAL] ctac32k
Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k
Service C:\WINDOWS\system32\drivers\ctdvda2k.sys [MANUAL] ctdvda2k
Service C:\WINDOWS\system32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k
Service C:\WINDOWS\system32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k
Service [DISABLED] dac2w2k <-- ROOTKIT !!!
Service [DISABLED] dac960nt <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys [SYSTEM] eeCtrl
Service C:\WINDOWS\system32\drivers\emupia2k.sys [MANUAL] emupia
Service C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [MANUAL] EraserUtilRebootDrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k
Service C:\WINDOWS\system32\drivers\hap16v2k.sys [MANUAL] hap16v2k
Service C:\WINDOWS\system32\drivers\hap17v2k.sys [MANUAL] hap17v2k
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn <-- ROOTKIT !!!
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt <-- ROOTKIT !!!
Service [DISABLED] i2omp <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service [DISABLED] ini910u <-- ROOTKIT !!!
Service [DISABLED] IntelIde <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc <-- ROOTKIT !!!
Service C:\Programmi\Symantec\LiveUpdate\LuComServer_3_0.EXE [MANUAL] LiveUpdate
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd <-- ROOTKIT !!!
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr <-- ROOTKIT !!!
Service [DISABLED] mraid35x <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs <-- ROOTKIT !!!
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [BOOT] Mup <-- ROOTKIT !!!
Service C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe [AUTO] navapsvc
Service C:\Programmi\File comuni\Symantec Shared\VirusDefs\20060911.037\NAVENG.SYS [MANUAL] NAVENG
Service C:\Programmi\File comuni\Symantec Shared\VirusDefs\20060911.037\NAVEX15.SYS [MANUAL] NAVEX15
Service [BOOT] NDIS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs <-- ROOTKIT !!!
Service C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE [MANUAL] NSCService
Service [DISABLED] Ntfs <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
luc_1
Aficionado

Posts: 79
Joined: Thu Sep 07, 2006 3:53 pm



Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online news publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising